Attack on Consumer Electronics Manufacturer boAt Leaks Data on 7.5M Customers

In a cyberattack more reminiscent of the 2010s, a seemingly lone hacker fleeced a major corporation for millions of open customer records.

A hacker with no known history has leaked personal information belonging to millions of customers of boAt, a consumer electronics company in India.
The company is Indias leading manufacturer of wireless audio and wearables; boAt controlled around 26% of the wearables market as of 2023, according to
data from IDC
. It sells nearly 40% of all earbuds in the country — more than five times its nearest competitor — according to 2022
data from Counterpoint Research
.
The threat actors, operating under the nom de guerre ShopifyGUY, on April 5 published 2GB worth of files onto the Dark Web,
according to reports
. The files contained around 7.5 million entries worth of
personally identifiable information (PII)
relating to boAt customers, including names, addresses, phone numbers, emails, and more.
The entire lot of it was listed for around only $2, potentially raising suspicion about the datas authenticity. However, multiple news outlets have since contacted samples of affected customers, confirming that their information is correct.
Dark Reading has reached out to boAts security team to confirm the details of the attack but has not yet received a response.
To prevent falling victim to such an attack, Darren Williams, CEO and founder of BlackFog, suggests that companies invest in anti-exfiltration tools.
Anti-data exfiltration is about looking for data leaving the network, and then running AI over the top of all of it to look for if its a legitimate request, he explains. Programs trained to do this job run on dozens of contextual and behavioral parameters to distinguish legitimate from illegitimate traffic.
With that said, he adds, there are even simpler and lower-tech steps companies can take to make simple leaks more complicated.
In a mature organization, he explains, a basic requirement of security is
data encryption at rest
. That way, if somebodys accessing your database, it doesnt matter, because they cant decrypt it anyway. So it fascinates me that, in this day and age, people dont do the very basic step of encrypting their database.
Its not hard — it takes 30 seconds, you just have to press the On button. It makes me think [boAt] was asleep at the wheel.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Attack on Consumer Electronics Manufacturer boAt Leaks Data on 7.5M Customers