ShellCodeX Breach Report
Zoomcar Data Breach
zoomcar.com
Verified breach
Passwords exposed
Accounts exposed
3,589,795
Breach date
01 Jul 2018
Added to tracker
05 Jun 2020
Data classes
5
What happened
In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Exposed data
Email addresses
IP addresses
Names
Passwords
Phone numbers
Recommended actions
- Change your Zoomcar password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Zoomcar โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP