Cyber Incident Victim: ClickIndia.com
Date:
Dec 2020
Location:
India
Summary
ClickIndia.com was implicated in a data breach where approximately 8 million user records were stolen and offered for sale by a data breach broker on a hacker forum. The incident was part of a larger operation involving 26 companies, with eight being newly disclosed breaches. While the broker marketed the combined dataset of 368.8 million records, ClickIndia's breach had not been previously acknowledged or publicly reported prior to this listing. The company did not provide an official response or confirmation regarding the incident when contacted, unlike some other affected entities that either confirmed or denied involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2020, a data breach broker advertised the sale of 368.8 million user records allegedly stolen from 26 companies on a hacker forum, with ClickIndia.com identified among eight previously undisclosed breaches. The broker’s listing specified that ClickIndia’s database contained 8 million user records, though no pricing was set for this dataset at the time of reporting. BleepingComputer discovered the forum post on December 25, 2020, and noted that the broker typically marketed stolen data on behalf of threat actors who compromised companies. While historical precedent suggested such sales were often legitimate, ClickIndia’s breach had not been independently verified or disclosed by the company prior to the broker’s advertisement. The incident formed part of a larger pattern involving multiple organizations across sectors like e-commerce, education, and fitness, with varying levels of prior public awareness about their breaches.
BleepingComputer contacted ClickIndia and other newly exposed companies for confirmation, but no response or breach disclosure from ClickIndia was documented in the available sources. The article indicated that companies frequently acknowledged breaches only after public exposure of such sales, though ClickIndia’s status remained unconfirmed as of the report’s publication. Impacts of the alleged breach were not detailed beyond the scale of exposed records, and no specifics regarding data types (e.g., passwords, personal information) or attacker methodologies were provided for ClickIndia. MyON and Chqbook—two other newly listed companies—provided conflicting responses, with MyON confirming a limited breach and Chqbook denying compromise, illustrating variability in breach validation processes. The broader incident highlighted operational challenges in breach transparency, exemplified by TeeSpring’s delayed and obscured disclosure of its breach. Users of affected platforms, including ClickIndia, were advised to change passwords as a precautionary measure, though no malicious use of ClickIndia data was specifically reported.