ZEE5 allegedly hacked by ‘Korean hackers’, customer info at risk


Hackers identifying themselves as “John Wick” and “Korean Hackers” claim to have breached the systems of Indian video-on-demand giant ZEE5 and are threatening to sell the database on criminal markets.

ZEE5 is an Indian streaming service with over 150 million subscribers worldwide and is part of the Essel Group conglomerate, the same company that owns ZEE news media outlets and TV channels.

Earlier this year, a paste floating on the web exposed credentials of some 1,023 Premium ZEE5 accounts. After we reported these accounts to ZEE5, the company was quick to respond, but we are not aware of notifications sent to affected accounts.

Hackers claim to have breached Zee5.com

Now, Kanishk Tagade of Quickcyber has reached out to us, revealing extensive details about a massive data breach that has allegedly hit the video streaming giant.

In an email threat sent to Tagade, editors of major Indian newspapers, and employees of ZEE5, a hacker claiming to be “Korean Hackers” warned that they have breached Zee5.com and stolen a database with sensitive information.

They then threaten that they “will expose your database & code in public for open sale soon.”

Email sent from alleged hackers

The hacker(s) going by the name of “John Wick” further list what they’d be revealing: “data, recent transactions, passwords, emails, mobile numbers, email id, messages, etc…”

A point to note here: the term “email id” used in the thread is used mainly in the Indian subcontinent to refer to an email address.

In emails with BleepingComputer, the hackers state that they mostly “help these people to fix the bugs” and request Ethereum for their help.

“We are security experts from Korea, We will find bugs and report to the clients if they do not respond we try to make money, We have hacked more 50 Big websites we never sold anything,” the threat actors told BleepingComputer.

The threat actors have stated that they are in conversations with ZEE5 and are asking for a minimum of a 10 Ethereum “donation” for their help.

As for the threat actors, whether or not they are from Korea cannot be confirmed.

As they are using the Tutanota email service, which provides private and encrypted mailboxes and a webmail interface, there’s no reliable way to trace the email back.

The hckindia@tutanota.com email used by the hackers was previously seen in defaced sites claiming to have been done by “Korean Hackers.”

Allegedly stolen data

When the hackers contacted Tagade, they stated that they downloaded 150GB of “private data” from Zee5.com, including the site’s source code, and plan on selling it soon.

As part of the proof given to Tagade, they shared images of a repository on bitbucket.org containing the stolen information.

Bitbucket showing allegedly stolen data
Image credit: Quickcyber.news

The URL for the Bitbucket repository is “restricted” to the public and prompts you to log in.

Private Bitbucket repository


To make matters worse, these hackers have posted partial data from the compromised database, secret keys present in the live source code, references to their Atlassian board, and AWS bucket credentials. They claim to have access to user data from almost every Indian state.

The leaked records contain private information on the subscribers including recent transaction data, email addresses, mobile phone numbers, passwords, etc. and multiple screenshots shared by the hackers verify proof-of-access to such records:

SQL structure of database hosted on the AWS bucket
Image credit: Quickcyber.news

Below you can see a picture of the alleged source code for Zee5.com that the hackers claim they have stolen.

Was Dish TV compromised too?

One of the screenshots, shown below, also has a “dish-tv” network drive on the list, which is noteworthy as Essel Group, who owns ZEE, also owns the satellite TV company, Dish TV.

Could this mean the hackers also had access to Dish TV customer information?

Image showing dish-tv folder


There’s also the “dittotv-databases-backup” folder. DittoTV was the former video-on-demand arm of the service.

Further investigation is in progress, and at this time, ZEE5 has not replied to Tagade or us for comment.

Under Indian law, while a Personal Data Protection Bill 2019 was introduced, it is still under analysis and has not been fully legislated. There’s no mention of fines or penalties in the bill either.

Lack of sufficient data protection legislation and privacy laws in India may very well allow big corporations to suffer data breaches and not report them without risk of fines.

This is a developing story. Please check back for more updates.
