Safety Detectives’ security research team has claimed Cash Karo and its UK-based parent firm Pouringpounds of storing compromised data of up to 3.5 million individuals.
According to a blog post published on Safety Detectives that was discovered by the head of research Anurag Sen, the leak was first spotted at the end of August 2019 and was first investigated by the team on 2nd September.
The report said that the firm disclosed the leak to the owner of the data, and Anurag made several attempts to contact them, including through Twitter. SD claims that the company never forwarded the concern to their security team.
The SD team declared that CashKaro and Pouringpounds had made critical details about their active users available that include their names, emails, mobile numbers, plain text passwords, bank details linked with accounts, IP addresses, etc.
Safety Detectives said that two terabytes of personally-identifying and financial data of up to 3.5 million people were a severe exposure by any measure.
Swati Bhargava, the co-founder at CashKaro, has denied the claims made by the blog post and said that maintaining the confidentiality of their customers was of utmost importance to their company as they are deeply committed to protecting the same.
CashKaro, founded by Swati Bhargava and Rohan Bhargava in 2013, works on an affiliate model and offers cashback and coupons to its users at over 1,000 partner websites that include Amazon, Snapdeal, Paytm and Shopclues. The firm has crossed over 3.5 million userbase mark and has paid over Rs 100 crore as cashback to its users.