Cyber Incident Victim: Zee Entertainment Enterprises Limited

In February 2021, a data breach reportedly exposed the personally identifiable information (PII) of approximately 9 million users of ZEE5, an Indian over-the-top (OTT) streaming platform with over 150 million subscribers. Internet security researcher Rajshekhar Rajaharia identified the leak, which included details such as user names and email addresses. This incident marked the second time ZEE5 faced data security issues, following another breach in mid-2020. The leak occurred amid heightened targeting of OTT platforms by malicious actors, coinciding with increased user growth during COVID-19 lockdown periods. The compromised data appeared on online platforms accessible to unauthorized parties, though specific technical details about the attack vector or intrusion methods were not disclosed in public reports.

ZEE5's legal representatives contacted DataBreaches.net on March 1, 2024, demanding removal of the breach report and threatening legal action, which the outlet declined while offering to incorporate an official statement. No response was provided by ZEE5 to this offer. Subsequently, Manish Kalra, ZEE5's Chief Business Officer, publicly denied the breach through Business Insider, asserting internal systems showed no evidence of compromise and emphasizing the company's commitment to consumer data security. Questions remained regarding the origin of the leaked sample data matching real user information and structural similarities to ZEE5's databases. Rajaharia confirmed his own data appeared in the leak, lending credibility to the breach claims despite the company's denial. The absence of detailed technical clarifications from ZEE5 left unresolved uncertainties about the breach's validity, the attacker's motivations, and the platform's data protection measures. The incident highlighted ongoing tensions between cybersecurity researchers and corporate entities regarding breach disclosures and transparency protocols.