Online furniture rental company RentoMojo has suffered a data breach. The incident came to light after the company sent a mail to its users informing them about the RentoMojo data breach. Many users also took to social media platforms such as Reddit to post details regarding the security incident.
The company, which started operations in 2014, provides an alternative to buying furniture and offers consumer services to rent home furnishing products, appliances, bikes and more in the form of a subscription model.
According to a report, RentoMojo is operational in over 16 cities and saw a 60% revenue growth in 2022. The company has been profitable since October 2021 and has over 110,000 subscribers — the largest in this category.
RentoMojo data breach
In a mail titled “Important Security Notice: Data Breach & Enhanced Security Measures”, the company informed its subscribers regarding the RentoMojo data breach, its impact and what they need to do to ensure that they arr safe.
Recently, our team identified a security breach that involved unauthorized access to one of our databases. While we are still investigating, we believe it is our responsibility to inform you first. Protecting customer and business data is of top priority for us and is something we prioritize over everything and anything,” the mail stated.
Elaborating on the RentoMojo data breach, the mail stated, “It appears that the attackers were able to get unauthorized access to our customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of our databases.
However, the company assured its user base that there was no impact on any financial information like Credit cards, Debit cards or UPI as we never store them in our database.
What the company is doing post the RentoMojo data breach?
In the mail to the subscribers, the company informed the users that they have reported the incident to the appropriate authorities and are cooperating fully with the ongoing investigation.
Following are the immediate steps taken by RentoMojo to prevent such incidents in the future:
- Secured the database and encrypted all information stored in our database.
- Strengthening our infrastructure with advanced security practices like Intelligent Threat Detection, Sensitive Data Discovery and logging IP traffic
- Implemented multi-factor authentication (MFA) for additional layers of protection
- Ongoing security audits and vulnerability assessments to identify and mitigate further risks
- Rotated all the access tokens and updated all passwords immediately
- Implemented Endpoint Detection and Response (EDR) for our network
- Reviewed all the third-party and open-source plugins and integrations
The company further urged users to contact their support team at [email protected] for further information regarding the RentoMojo data breach.