The number of data breaches from various apps and websites in Nepal has been increasing in recent days. After Foodmandu, Vianet, Mercantile Communications, and Prabhu Money Transfer’s data breach claim, hacker on twitter have claimed that he possibly hacked E-Sewa’s data.
After the tweet got viral, E-Sewa immediately responded urging every user to change their web password.
A twitter account @Aparich95406002 on twitter posted a screengrab of the alleged data breach of E-sewa that consists of Email addresses, censored passwords, and money available in the particular E-sewa wallet.
The twitter post reads “@eSewaNepal Good step with requesting all users to change pass. But don’t you think its late?? Should have used OTP in web login before. Just a demo for your Datas. Check the Length and first letter of password if you want to verify. Sorry for those whose data is leaked below.”
However, there is no any official statement from E-Sewa on this.
Recently, E-Sewa has been certified with ISO 27001, with which it claims to ultra safe data security management, guaranteed confidentiality, integrity and availability and prevention & mitigation of security breaches.
Update: E-Sewa has released official statement on the very issue.