A hacker that goes online with the moniker “John Wick” and “Korean Hackers” claim to have hacked the Indian video on demand giant ZEE5 and now is threatening to sell the database on cybercrime marketplaces.
ZEE5 is an Indian video on demand service run by Essel Group via its subsidiary Zee Entertainment Enterprises. The service had 56 million monthly active users in December 2019and has over 150 million subscribers.
In early April, the researcher Ax Sharma published a post on Medium about a dataset with some 1,023 compromised ZEE5 Premium accounts for an online streaming service.
“The origins of the incident date back to April 12th 2020, when a new data set titled, “Zee5 Premium” (archived here) emerged on Pastebin revealing email addresses and fullplaintext passwords of some Premium users.” reads the post published by the expert.
Now, Kanishk Tagade from Quickcyber confirmed the hack of the Indian video streaming giant.
“A person or a hacking group claiming to have gained access to the network of ZEE5.com, a popular Indian OTT platform, and stolen over 150GB of live data along with the source code of the site, Quickcyber has learned.” reported Tagade.
“On June 5, 2020, a hacker going by the name John wick contacted Quickcyber to tell us they had hacked into the database of Zee5.com and their code repositories on bitbucket.org.”
The alleged hacker contacted Tagade claiming to have stolen over 150GB of live data from Zee5.com and provided the following image as a proof of access to ZEE5’s private code repositories.
The attackers also posted partial data from the compromised database, and secret keys present in the source code.
The attacker threatens to expose the database and code in public for open sale soon.
The huge trove of data contains data, recent transactions, passwords, emails, mobile numbers, email addresses, messages, etc.
According to BleepingComputer, the attackers are experts from Korea that claim to be bug hunters that have already hacked more 50 Big websites without selling any data.
John Wick crew states that has have requested to ZEE5 a 10 Ethereum “donation”for their help.
Attackers use firstname.lastname@example.org, an email address that was previously observed in the defacement of several sites done by “Korean Hackers.”
(SecurityAffairs – ZEE5, hacking)