‘ZEE5,’ an Indian Video on Demand service that serves over 150 million users worldwide, has been breached by hackers. The streaming service hadn't announced anything concerning the incident initially, and as of right now, they are still investigating what happened. The hackers, who identified themselves as “John Wick” and “Korean Hackers,” claim to have grabbed 150 GB of data from the company and threaten to publish it online. The data consists of email IDs, recent transactions, messages, mobile numbers, passwords, and other confidential subscriber data.
According to emails they sent to the platform, the hackers' intention is merely to aid the streaming platform to fix its bugs and request 10 Ethereum (about $2440) in return for their "help." The conversations leaked to Bleeping Computer reveal that the same hacking team is behind several other website defacements and attacks to online services. Generally, the situation is usually resolved without the data going public. In this context, the actors have set up a private Bitbucket repository and shared access with the ZEE5 team so as to prove their point.
All that said, it looks like the users of ZEE5 have been compromised irreversibly, and the question that arises now is whether or not Dish TV subscribers are also included in the stolen data sets. ZEE5 is owned by Essel Group, who also owns the Dish TV satellite company. Unfortunately, there’s a “dittotv-databases-backup” folder in the mix, and this means that the actors could be in possession of Dish TV subscriber data as well. Still, since ZEE5 has provided no clarifications on the number of users who have had their data exposed, we are bound to limit ourselves to making assumptions based on the leaked evidence.
ZEE5 has assured its customers that its backend is reliable and robust, and they expressed their willingness to keep investing aggressively in technologies that safeguard the users. For example, they are already in a partnership with Akamai, and they are looking into the possibility of working with other experts in AWS security. ZEE5 was already recovering from a recent security lapse. In May 2020, 1,023 of the platform's premium accounts were posted on the dark web, while ZEE5 had chosen not to send any notifications to the affected individuals. No warnings were sent this time either, while the Indian authorities are unlikely to be officially informed about anything regarding the incident.