Alleged Meesho data breach under scrutiny amid claims of recycled data

A threat actor using the alias ‘qpwomsx’ has claimed responsibility for an alleged data breach affecting Meesho, a popular Indian online shopping platform. However, the credibility of this breach is under question, as the threat actor’s data appears to be recycled from a previous incident.

 

On Nuovo BreachForums, qpwomsx shared what they claimed was a database from Meesho, showcasing snippets of data that included names, email addresses, and phone numbers. These initial claims raised concerns about the security of Meesho’s user data.

 

Upon closer examination, cybersecurity experts discovered that the sample records matched data from the 2020 IndiaMART database leak, which compromised around 38 million user records. This significant overlap has cast doubt on the authenticity of qpwomsx’s claims regarding a new breach at Meesho.

 

Further analysis by The Cyber Express highlighted additional inconsistencies within the data. Discrepancies between names and associated phone numbers suggested inaccuracies, while the short tenure of qpwomsx on the platform in May 2024 further undermined their credibility.

 

Despite these doubts, the examination revealed that many of the email addresses were valid and deliverable, adding a layer of complexity to the situation. The dataset also included location and workplace affiliations, although “null” values indicated potential gaps.

 

The Cyber Express has contacted Meesho for an official statement but has not received a response. The parallels between this alleged breach and the 2020 IndiaMART leak, which exposed sensitive information from over 40,000 suppliers, have raised concerns about the authenticity and motives behind the claims.