Rentomjo Data Breach Puts Over 1 Lakh Subscribers Under Threat, Hacker Group ShinyHunters Sends Ransom Emails

Rentomojo Data Breach has compromised sensitive personal data of more than 1 lakh users.

  • Rentomojo has informed its users about a recent data breach with the assurance that their financial details are safe.
  • The data breach has put the personal details of over 1 lakh Rentomojo users at risk.
  • The hacking group ShinyHunters is behind the attack, as they have sent ransom emails to several users.


Rentomojo data breach shook users earlier today as the Bengaluru-based rental service provider sent an email. In its email to subscribers, Rentomojo revealed that it had detected a security breach involving unauthorised access to one of its customer databases. Since then, several users have tweeted screenshots of a ransom email from ShinyHunters revealing that the hacking group is behind the data breach. Here’s the lowdown on everything that has happened.

Rentomojo Customer Database Hacked by ShinyHunters

Rentomojo sent an email to subscribers informing them about the data breach

As mentioned, Rentomojo sent out an email on April 19 to all users, informing them about the data breach. According to the email, the Rentomojo security team detected unauthorised access to one of its databases. As per the email, hackers could gain access to the personal details of over 1 lakh subscribers by “exploiting the cloud misconfiguration through highly sophisticated attacks. The company assures that the financial details of users, like credit and debit card details, UPI info, etc. are safe since the company never stores them in its database.

Rentomojo has also listed the corrective measures being deployed post the attack. As per the email, it has secured the database and encrypted all stored information. The company is adding security measures like intelligent threat detection, sensitive data discovery, IP traffic logging, and multi-factor authentication for added layers of security. It has also rotated all access tokens, updated all passwords, implemented Endpoint Detection and Response (EDR), and reviewed all third-party and open-source plugins/integrations. Rentomojo is undergoing security audits and vulnerability assessments to identify and resolve future risks.

While the company is leaving no stone unturned to reassure its subscribers, several users have reported receiving a ransom email from the hacking group, ShinyHunters. The hacking group claimed responsibility for the attack in the email and shared examples of the stolen data. Users have reported that the data shared are accurate. The email states that the group has downloaded terabytes of KYC details, including bank documents, passports, ID cards, driver’s licenses, and more. The group then threatens that since Rentomojo has not responded to their ransom demand, they will make all details public. These emails have spread panic amongst users, and Rentomojo has yet to respond to users’ grievances.

Have you also received the email from Rentomojo and ShinyHunters? Let us know in the comments section below.