A hacker claims to be selling millions of user records relating to Indian startup Shadowfax, which offers logistics services to e-commerce and hyperlocal platforms across the country.
The pseudonymous hacker is selling allegedly stolen Shadowfax data, including mobile phone numbers, order delivery and pickup statuses, and tracking identifiers of users. The breach occurred in November, compromising five million users’ information.
It is unclear if the data was obtained directly from Shadowfax servers or as part of a pre-existing breach incident.
TechCrunch verified some of the published data by passing the tracking identifiers through Shadowfax’s order tracker, which returned valid tracking information at the time. After TechCrunch contacted Shadowfax, the tracking identifiers used to verify the data began returning an error message stating that they were “not valid.”
Founded in 2015, Shadowfax is India’s largest on-demand third-party logistics platform, working with prominent e-commerce and hyperlocal food delivery companies in the country. The company processes more than 1.5 million orders daily using a fleet size of over three million riders across over 2,500 cities in India.
Shadowfax has raised a total of $181 million, including its most recent $60 million Series D round earlier this year.
Read more on TechCrunch: