Online fashion platform LimeRoad is alleged to have suffered from a data breach after a database containing records of millions of its customers was found for sale on the dark web. The incident was first revealed by cyber security firm Cyble, who said they came across a threat actor who claimed to have around 1.29 million customer records of LimeRoad.
“As part of our regular deepweb and darkweb monitoring, we came across a threat actor who claimed to have around 1.29 million customer records of LimeRoad. The data seems to be legitimate,” Cyble reported.
According to the security firm, among the details exposed in the leaked databases included full names of customers, their email addresses, as well as contact numbers.
LimeRoad, however, denies the allegation, calling the report “baseless.”
“As of now, only 44 numbers are available for the sample, of which very few can match our users’ numbers. We have no reason to believe anything other than that this is a random selection,” commented Suchi Mukherjee, co-founder of LimeRoad.
“We have asked the poster of the darknet and the officer from the cybersecurity front to give us the data to validate. We have not received any further data. Given the current data points, we have no reason to believe these numbers belong to any of our customers,” she added.
Launched in 2012, LimeRoad works like an e-commerce platform based in India. Initially, the business started as an online fashion store geared towards women but later included fashion clothing and accessories for kids and men as well.
According to Cyble, e-commerce reported a 78.5 percent increase in revenue from Rs 89.73 crore in the fiscal year 2017 to Rs 160.2 crore the next year. Currently, the company is also said to have around 1.4 million monthly website visitors.
“Cyble research team has been following the alleged data leak post of LimeRoad. Just few minutes back, the threat actor has leaked more than 2000 user account details. While LimeRoad has not contacted Cyble, the leaked data has already been acquired and indexed on our data breach monitoring and notification platform, AmiBreached.com for concerned users,” Cyble wrote Wednesday.
The event marks LimeRoad as the latest addition to the list of e-commerce websites to have been allegedly hit by a massive data breach. In May this year, Indonesia’s largest online store, Tokopedia, also suffered by a cyberattack, leaking details of about 15 million of its customers.