A person or hacking group claims to have gained access to the network of ZEE5.com, a popular Indian OTT platform, and to have stolen over 150GB of live data along with the site's source code, Quickcyber has learned.
On June 5, 2020, a hacker going by the name John wick contacted Quickcyber to tell us they had hacked into the database of Zee5.com and their code repositories on bitbucket.org.
The individual, who appeared to be from a Korean hacking group, told us they had then downloaded 150GB of private data of Zee5.com users along with the site's source code and were now planning to expose it publicly for open sale soon.
Based on the last commit timestamp in the code directory, the breach may have occurred between the end of February and March.
Update 1: Today (June 6, 2020), the hackers shared sample data from the hacked ZEE5 database with us, along with secret keys taken from the live code and credentials for the unsecured AWS (Amazon Web Services) bucket:
The latest record created in this database is dated 24th April 2020, which means the hackers hold subscription information for users who had recently subscribed to the OTT platform.
The hacked database has information of the ZEE5.com subscribers from almost every state in India.
As shown in the above image, the hackers obtained the database related to the PAYMENT_PLATFORM of ZEE5 users. The record entries are listed under a table named “AXINOM_SUBSCRIPTION_TABLE”.
ZEE5 uses software developed by a company named Axinom to manage content for its OTT platform. Axinom partnered with ZEEL (Zee Entertainment Enterprises Ltd.) back in 2017 to deliver a software stack for its ZEE5 initiative.
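The claim in Update 1 is that secret keys and AWS credentials were sitting in the live source code, which is exactly what a repository secret scan run before each commit is meant to catch. The following is an added example, not code from Quickcyber, ZEE5 or Axinom: a small scanner that flags AWS access key IDs by their fixed prefix, candidate AWS secret access keys by length plus Shannon entropy (so that a 40-character padding string is not reported), and generic hard-coded credential assignments. The sample file contents are constructed; the AWS values are the well-known documentation placeholder values, not real credentials, and every reported value is redacted so the scan report cannot itself leak a key.

```python
"""Scan source text for committed cloud credentials (editor-added example).

Not code from Quickcyber, ZEE5 or Axinom. Flags AWS access key IDs by prefix,
AWS secret access keys by length plus Shannon entropy, and generic hard-coded
credential assignments. All reported values are redacted.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# AWS access key IDs are 20 chars: a 4-char prefix (AKIA long-term, ASIA temporary)
# followed by 16 upper-case alphanumerics.
AWS_ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# AWS secret access keys are 40 chars from a base64-style alphabet. The pattern alone
# over-matches (hashes, padding), so each candidate must also pass an entropy check.
AWS_SECRET_CANDIDATE_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

# Generic "<name containing password/secret/api_key/token> = '<value>'" assignments.
GENERIC_CREDENTIAL_RE = re.compile(
    r"(?i)\b(\w*(?:password|passwd|secret|api[_-]?key|token))\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)
SECRET_ENTROPY_THRESHOLD = 3.5  # bits per character; 40 random base64 chars score well above 4


@dataclass
class Finding:
    kind: str
    line: int
    snippet: str  # redacted, so the report itself never leaks the value


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-character string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix for triage and mask the rest."""
    return value[:keep] + "*" * (len(value) - keep)


def find_secrets(text: str, entropy_threshold: float = SECRET_ENTROPY_THRESHOLD) -> list[Finding]:
    """Return findings in file order; suitable for a pre-commit hook run over staged text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in AWS_ACCESS_KEY_RE.finditer(line):
            findings.append(Finding("aws_access_key_id", line_no, redact(m.group())))
        for m in AWS_SECRET_CANDIDATE_RE.finditer(line):
            # Low-entropy 40-char strings (padding, repeated chars) are not secrets.
            if shannon_entropy(m.group()) >= entropy_threshold:
                findings.append(Finding("aws_secret_access_key", line_no, redact(m.group())))
        for m in GENERIC_CREDENTIAL_RE.finditer(line):
            # Report the variable name; the value is fully masked.
            findings.append(
                Finding("hardcoded_credential", line_no, f'{m.group(1)} = "{redact(m.group(2), 0)}"')
            )
    return findings


# Constructed sample file contents (not from any real repository). The AWS values are
# the AWS documentation placeholder examples, not live credentials.
SAMPLE_CONFIG = """\
# constructed config.py (not from any real repository)
DB_HOST = "db.internal.example"
AWS_ACCESS_KEY_ID = "AKIAEXAMPLE00000ABCD"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
S3_BUCKET = "example-media-bucket"
PADDING = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
db_password = "Sup3rSecretPass!"
"""

if __name__ == "__main__":
    for f in find_secrets(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.kind}: {f.snippet}")
```

Run stand-alone, the scan reports three findings on the constructed sample (the access key ID on line 3, the secret key on line 4 and the `db_password` assignment on line 7) and correctly ignores the 40-character padding string, which matches the secret-key shape but has zero entropy. The same `find_secrets` function can be pointed at the output of `git diff --cached` in a pre-commit hook so that a key never reaches a shared repository in the first place.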
Update 2: Today (June 7, 2020), Ralph Wagner, the CEO of Axinom, told Quickcyber that they “do not manage Zee5 database”, “nor do Axinom systems use the mentioned MySQL database”. “ZEE5 uses Axinom software to manage content. The content management itself as well as extensions / services and ZEE5 software for the website are operated by ZEE5.”
“Additionally, we will investigate this case, and will release a statement as soon as our investigations are complete,” Ralph told Quickcyber.
Update 3: (On June 8, 2020) Tushar Vohra, Head of Technology, ZEE5 India, said that they have noted some reports claiming a data breach at ZEE5’s end. “We are investigating it further. We are also cognizant of the fact that the OTT sector has exploded in the past few years, so has hackers’ interest in it. Especially post COVID-19 outbreak, data hacks have been on a steady rise. It is a shallow attempt to gain vested interests,” Vohra explained.
Update 4: (On June 9, 2020) The threat actors again reached out to us, telling us that “zee started paying”.
Update 5: (On June 12, 2020) Axinom issued an official statement today saying, “Although there has been no confirmation of the said breach, we’d like to clarify that Axinom systems in place do not manage the mentioned data or any sensitive payment information”.
“Axinom Content Management System at Zee5 manages the on-demand content, live channels, related metadata, packages, and business models, whereas other involved partners manage the payments and associated data. Moreover, the mentioned database table – ‘AXINOM_SUBSCRIPTION_TABLE’ is not part of Axinom provided components, nor does Axinom use AWS or MySQL as part of their technology solution at Zee5. Hence, the breach was unrelated to Axinom”.
“In this particular case, none of the mentioned components were part of Axinom deliverables, and no Axinom component was involved in the claimed breach. It highlights and reconfirms the importance of data security and safety in the media and OTT industry,” reads the statement.
To support their claim of this breach, the hackers also shared the following proof-of-concept (POC) screenshots with us in their email:
The hacker told Quickcyber that the stolen database of Zee5.com contains private details of the subscribers including their recent transactions, passwords, emails, mobile numbers, messages, etc.
ZEE5 is run by the Essel Group via its subsidiary Zee Media Corporation Limited. The OTT platform was launched in February 2018 and currently has more than 150 million users worldwide.
Since the hackers have only claimed to possess Zee5.com’s data and have not exposed any details online so far, this could be just a half-baked story.
We have reached out to the Zee5 team (for the second time) to confirm this breach and will update the article as soon as we receive a response from them.