Cyber Incident Victim: Zee Entertainment Enterprises Limited

Date: Jun 2020

Location: India

Summary

A threat actor identifying as "John Wick" and "Korean Hackers" claimed responsibility for breaching an Indian streaming service, exfiltrating approximately 150GB of sensitive data including subscriber details such as email addresses, mobile numbers, passwords, and transaction records, alongside source code, AWS credentials, and internal repository access. The attackers demanded a cryptocurrency ransom while threatening public sale of the data, with evidence suggesting potential exposure of affiliated satellite TV customer information under the same parent conglomerate. The victim organization acknowledged investigating breach reports but emphasized its security infrastructure, attributing the incident to rising cyber threats targeting the OTT sector amid increased digital activity. The compromise highlighted systemic challenges in data breach disclosures within jurisdictions lacking stringent privacy legislation.

Description

On or around June 5, 2020, threat actors identifying as "John Wick" and "Korean Hackers" claimed responsibility for breaching the systems of Indian streaming service ZEE5, part of the Essel Group conglomerate serving over 150 million subscribers globally. The hackers contacted cybersecurity researcher Kanishk Tagade of Quickcyber, employees of ZEE5, and editors of major Indian newspapers via email, threatening to publicly sell stolen data unless they received a minimum "donation" of 10 Ethereum cryptocurrency. They asserted possession of 150GB of ZEE5's private data, including the platform's source code, subscriber databases containing recent transaction records, email addresses, mobile phone numbers, passwords, and internal messages. As evidence, they shared screenshots of a restricted Bitbucket repository containing stolen information, references to an Atlassian board, AWS bucket credentials, and secret keys from live source code. Notably, the repository also listed a "dish-tv" network drive, raising concerns about potential access to Dish TV customer data, another Essel Group subsidiary. This incident followed an earlier 2020 exposure of 1,023 premium ZEE5 account credentials on a public paste site, which ZEE5 addressed without confirming whether affected users were notified.

ZEE5's Head of Technology, Tushar Vohra, acknowledged awareness of breach reports in a statement to IANS, confirming an ongoing investigation while emphasizing the platform's "state of the art" backend security partnerships with Akamai and AWS. The company did not directly confirm the breach's validity or scope, nor did it disclose whether subscriber data was definitively compromised. No communication regarding the incident was provided to Tagade or BleepingComputer despite outreach. Vohra characterized the incident as a "shallow attempt to gain vested interests," linking it to broader post-COVID-19 increases in data targeting against OTT platforms. The article highlighted India's lack of comprehensive data protection legislation as a potential factor enabling corporations to avoid breach disclosures without facing significant regulatory penalties.
