Data leaks by hackers are on the rise these days. It seems eSewa or its users have allegedly become the latest victim of such a data breach, after the catastrophic leaks at Foodmandu and Vianet. A hacker who goes by the name of Aparichit (on Twitter) has released a snapshot of data which contains the email addresses, the initial letters of passwords, and the balance info of some users. Find eSewa's official release on this claimed hack below.
As per the hacker's tweet, the data breach was possible due to the absence of OTP authentication in web login. The hacker also claims the released data is just a demo, so chances are he/she could have hacked more customers' data.
The hack or data leak seems valid, as eSewa also asked users to compulsorily change their passwords last night. When we checked the web login for our account, we found that eSewa has made a password reset mandatory, done through a link sent by email.
Since the email addresses and initial password letters of some users are visible, the hack or compromise of data seems real. The real question now is whether it is just a hoax or some bug in the eSewa system!
While we doubted that the biggest digital payment platform in Nepal would have such a loophole, eSewa has now published its official release on this matter. In it, they say that misleading information about an eSewa data hack on social networking sites has come to their attention.
eSewa official statement on the data breach
As per the official release, eSewa says the purported hacker collected the customers' data via a phishing scam from social networking sites. eSewa says “As we have found out this scam for few users, we have requested our customers who use the web browsers, to change their password immediately”.
The company also wants to assure people that their data is secured by all means, as it holds ISO 27001:2013 certification. The global certification means their data security is quite trustworthy and that they have built the infrastructure required for such cyber security standards.
Finally, they request their customers to keep their password and OTP (one-time password) secure and to change their password frequently.
So, we suggest you do not leave your account as it is. It is better to protect yourself (even if the alleged hack is a hoax) by changing your web login password immediately.
Tell us what you think of the hacker's claim of an eSewa data breach in the comments below.