Indian AI-driven Chatbot Platform SmatSuite Hacked

Indian AI-driven Chatbot Platform SmatSuite Hacked

Recently, a Korean hacking group revealed that they have now hacked into the Indian AI-driven chatbot platform named SmatSuite and obtained complete access to their domains, customer documents, database backup, and the AWS console access, Quickcyber has learned.

On June 7, 2020, the hacking group contacted Quickcyber to share the information related to this hack that contained two of the SmatSuite domains compromise – smatsuite(dot)com and smatbot(dot)com and theft of the SmatSuite’s customer data.

Image: Hacked website of SmatBot displaying a message from the Korean Hackers

The AI-based SaaS platform is run by a Hyderabad-based company named FeSo Social Media Private Limited.

SmatSuite has two AI products – SmatBot (A chatbot for websites, messenger for lead generation, etc.) and SmatSocial (An assistant for SMM automation).

The hacking group told Quickcyber that they have access to the SmatSuite’s domain registrar account, source code backups with repositories of more than 30GB with customer documents, more than 20 GB of database backup, and admin access to the company’s Google and AWS (Amazon Web Services) accounts.

Image: Hacked domain registrar account of SmatSuite
Image: Hacked Google Admin console account of SmatBot
Image: Hacked G-mail account of Smatsocial

As you can see in the above image, It seemed that the hacked Gmail account displayed customer information of the SmatBot subscribers.

See Also: hacked: Hackers claim to have stolen data from the popular OTT platform

Further, the hackers have also shared a few more POC screenshots with us supporting the claim for this hack:

Image: Hacked AWS account of SmatBot displaying contact information
Image: Hacked AWS account of SmatBot displaying billing information

At the time of writing this article, both the websites smatsuite(dot) and smatbot(dot)com were recovered and running fine.

We have informed the company about this SmatSuite breach and awaiting a response from them.

We’ll update the article as soon as we receive anything from the SmatSuite Team.

This hack seemed to be an another hacking attempt made by the Korean hackers following the last week’s hack where hackers demanded 10 Ethereum from ZEE5.

“We are security experts from Korea, We will find bugs and report to the clients if they do not respond we try to make money, We have hacked more 50 Big websites we never sold anything,” the threat actors told BleepingComputer this week.

Share with your friends:

Leave a Reply

Your email address will not be published.