In a rather shocking turn of events for audio content lovers, KukuFM, the podcast and audiobook platform, has suffered a major data breach. The platform, based in Mumbai, India, faced a data leak involving the personal information of more than 38 million users.
This incident was first reported by the Cybernews research team. They found an improperly configured Kibana instance that was publicly open with no security in place. Kibana is the Elastic Stack service used for searching and visualizing data stored in Elasticsearch. This gave attackers an open path to sensitive user information, from which e-mail addresses, phone numbers, and profile pictures could be fetched.
KukuFM was launched in 2018. In no time, it became a popular audio content platform in India, offering podcasts and audiobooks mainly in Hindi and Marathi. Over 50 million downloads on the Google Play Store are proof of its fame.
What's worse, proper security measures had not been put in place for the Kibana instance, which left the user data indexed by IoT search engines. This made those engines a haven for cyber attackers.
Researchers informed KukuFM of the breach on 25 June. The organization's reaction was to lodge a support ticket, but in a disturbing turn of events, evidence showed that the user data was still unsecured until at least 20 September.
Over this period, the exposed data may have grown by almost nine million new users, in addition to the approximately 30 million that were already exposed. While the instance was left unsecured, the number of compromised users increased to a staggering 38 million.
The exposed information poses a massive threat. Users of the platform are exposed to phishing and identity theft, among other risks. Following the breach, KukuFM has yet to comment publicly on the event. The platform's silence has made its users more nervous and concerned about the safety of their data.
This is not the first time popular companies have faced security breaches. Tech giants like OpenAI and Gemini have faced many incidents of major data leaks in the recent past.