Saturday, April 17, 2021
Home News Reports Information of over 5 lakh users allegedly leaked in Bookchor Data Breach: What we...

Information of over 5 lakh users allegedly leaked in Bookchor Data Breach: What we know so far

Bookchor is a platform to buy, sell or share old books and textbooks. It allows users to buy old books and textbooks at an affordable price and lets sellers list their old books.

Another day and another data breach have been reported. A hacker has alleged that he has breached the website of famous second-hand book dealer and downloaded information of 5,33,275 users. As per the post on a hacking forum, the threat actor breached the website in February but made the data available online on March 26.

What is Bookchor?

Bookchor is a platform to buy, sell or share old books and textbooks. The portal, managed under BookChor Literary Solutions Pvt. Ltd was founded by four friends Alok Raj Sharma, Bhavesh Sharma, Prateek Maheshwari, and Vidyut Sharma, in 2015. It allows users to buy old books and textbooks at an affordable price and lets sellers list their old books.

Details about the leaked data

In the post, the hacker wrote that he took the data dump on February 18, 2021. Though he had counted 5,05,373 unique email IDs, the total number of customers in the CSV file was 5,33,275. In the data, he had included IP Addresses, Hashed Passwords, Full names, Phone Numbers, Physical Addresses, Orders, Email addresses, and what type of phone they use (If they were using a phone).

Post on hackers’ forum about Bookchor data breach

Hacker claimed Bookchor uses unsalted MD5 encryption

In his post, the hacker claimed that Bookchor had used unsalted MD5 hash to encrypt the passwords. MD5 hashing seems reasonable at first look, but it is not recommended to encrypt sensitive information such as passwords as it is quite easy to crack. There are tools available on the internet that can decrypt unsalted MD5 hash within seconds. The passwords are reportedly available for those accounts that did not use social media authentication to create the account on Bookchor.

Sample data provided by the hacker in his post

OpIndia reached out to Bookchor

We got the contact information of one of the founders, Vidyut Sharma. On calling him, Sharma said that he was busy with some work and will get back over the phone soon. We will update the report with his comment when he reverts to us.

What can Bookchor users do?

As a Bookchor user, there is nothing much you can do about the leak other than questioning the company about the data breach. As it seems the data contains contact information and possibly the password of the users, it is better to change your password. If the password you have used on Bookchor was the same as your email ID or any other important account, make sure to change the password there too.

As more details come in, we will update the story.  

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Multimedia graduate by education. Writer by profession. Poet by heart.

Related Articles

Trending now

Christian pastor dupes Jalandhar family of Rs 80,000, converts them to Christianity on the pretext of healing cancer

Jalandhar Pastor Balwinder Singh duped a family of Rs 80,000 promising to cure a cancer patient, and converted them to Christianity

Watch: Muslim mob gathers at Dargah Bazar Ajmer after Friday prayers, demand arrest of Yati Narsinghanand, law against insult to Islam

Yati Narsinghanand Saraswati has been in the line of fire ever since he made some remarks on Prophet Muhammad

‘Terrorists would have fired into your heart’: Cop in Kashmir arrested under UAPA for glorifying terrorism, resisting search and turning violent

Jammu and Kashmir police arrested a Special Police Officer (SPO) under the stringent anti-terror law in Frisal village in Kulgam of South Kashmir.

We respect PM Modi’s call: PM Modi urges for snan at Kumbh to be kept symbolic due to COVID-19, Swami Avdheshanand responds

PM Modi spoke to Juna Akhara Mahamandleshwar, Swami Avdheshanand and requested for 'Shahi Snan' at Kumbh Mela to be kept symbolic.

TMC’s Derek O’Brien opposes EC’s Covid campaign restrictions, says new rules very suitable to ‘Lutyens bungalow’ residents

TMC leader Derek O'Brien criticized the Election Commission's new Covid restrictions in a press conference today.

EC extends election campaign ban before polls in West Bengal to 72 hours, no campaigning allowed after 7 PM

In view of the worsening Covid-19 crisis in the country, the Election Commission has extended restrictions on campaigning for polls

Recently Popular

Karan Johar’s Dharma Production fires Kartik Aryan, not to work with him again: Here is what happened

Dharma Productions said it was pushed to the wall by “unprofessional behaviour” of Kartik Aryan during shooting of Dostana 2

Aaj Tak to air public apology on 23rd April for sharing fake news on Sushant Singh Rajput, pay Rs 1 lac fine: Details

Aaj Tak has been asked by the NBSA (News Broadcasting Standard Authority) to air a public apology for fake news on Sushant Singh Rajput

Andhra Pradesh man hacks family of six including two children to avenge the rape of his daughter: Details

Andhra Pradesh police confirmed that the incident was a fall out of a old feud between the accused and the victim family

Derek O’Brien’s Clubhouse interaction exposes how TMC fears the prospect of loss in West Bengal: Three statements made and what they mean

Perhaps to fire-fight what Prashant Kishor said, Derek O'Brien appeared on Clubhouse for a short interaction with select 'liberals'.

Rally of dead bodies, threats against CRPF, lying and scaring with ‘detention camps’ so people don’t vote: What viral audio of Mamata Banerjee means

Mamata Banerjee was heard telling TMC worker Partha Pratim Roy to organise a political rally with the dead bodies to stir public sympathy

Justice Chandrachud apologises to a lawyer, asks him to go rest since he was fasting for Ramzan

Justice Chandrachud of the Supreme Court apologised to a Muslim lawyer for not knowing that he had been fasting during the month of Ramzan.
- Advertisement -


Connect with us