Tuesday, July 16, 2024

Swiggy Account Hacked, Hackers Placed Orders Worth Rs 97,000

In a startling incident underscoring the growing menace of cybercrime, a woman’s Swiggy account was hacked, leading to fraudulent orders worth Rs 97,000.

The Delhi Police swiftly acted on the complaint, arresting two individuals, Aniket Kalra (25) and Himanshu Kumar (23), from Gurugram, Haryana, for their involvement in this sophisticated scam.

Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

Impact & How Hack Orchested

The victim, a resident of Sultanpur, faced a significant financial loss amounting to Rs 97,197 from her Lazy Pay account linked with Swiggy.

This incident highlights the economic implications of cybercrime and raises concerns about the emotional and psychological impact on victims.

The breach of personal security and privacy can lead to vulnerability and distress.

The modus operandi of the hackers was ingeniously deceptive. They employed an Interactive Voice Response (IVR) system to trick victims into believing their Swiggy accounts were being accessed illegally.

The victims were then coaxed into providing sensitive information, which the hackers used to place orders from the victims’ accounts.

These orders were primarily for grocery items, later sold at discounted rates in the market.

This method highlights modern-day hackers’ technical sophistication and psychological manipulation techniques.

By exploiting the trust people place in automated systems and their fear of unauthorized account access, the hackers could carry out their fraudulent activities with alarming success.

Arrest of Hackers

The arrest of Aniket Kalra and Himanshu Kumar resulted from diligent police work, including analysis of call details and financial transactions.

The investigation revealed that the duo had been using the IVR system to hack into Swiggy accounts, linking a phone number registered under fake ownership to the victim’s Swiggy account for order deliveries.

This meticulous planning allowed them to evade detection for a time. Aniket, a former delivery boy for Zomato and Swiggy, confessed to buying grocery items at lower prices online and reselling them, thus profiting from each fraudulent transaction.

This incident is a stark reminder of the vulnerabilities present in digital platforms and the importance of cybersecurity measures.

Swiggy has responded by enhancing security features, including automatically delinking user wallets and BNPL accounts on new device logins or contact number changes and implementing two-factor authentication. 

These steps are crucial in safeguarding users against such frauds in the future. The swift action by the Delhi Police in apprehending the culprits also sends a strong message to cybercriminals about the consequences of such illicit activities.

However, it also emphasizes the need for users to remain vigilant and cautious, especially when dealing with unsolicited communications that seek personal information.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles