On May 16, a Twitter account @Cyber_Huntss posted a tweet (archived here) claiming a data leak from the Zivame website, an online shopping portal for women’s lingerie. The tweet said that 1.5 million Hindu girls’ information including names, contacts, and addresses had been leaked.
It further alleged that these details have been given to Muslims.
A screenshot was attached to the tweet, hiding the names of two individuals whose information was allegedly released.
The user also tagged Kapil Mishra, a Bharatiya Janata Party Leader, and stated that he had shared the details with him. The tweet has garnered 1.1 million views, 8415 likes, and 5536 retweets till now.
Zivame is an online lingerie shopping website, with a percentage stake owned by Reliance Retail, which is owned by Mukesh Ambani.
The National Commission for Women (NCW) took notice of a tweet posted by an account named @kalingaforum. This account also shared the screenshot of the tweet originally posted by @Cyber_Huntss.
The notice to Zivame by NCW said that the suo moto cognizance of a tweet (archived here) by Kalinga Rights Forum (@kalingaforum) alleging data breach by Zivame of 1.5 million Hindu girls to Islamic groups for targeted harassment, love jihad, woman trafficking, and abduction.
It is to be noted that there is no mention of "love Jihad," woman trafficking, or abduction in the tweet by @Kalingaforum.
BOOM found out that the sample data of 1500 users of Zivame was being sold on a Telegram channel named Shadowhacker Leaks and a website named Controlc.com.
It was easy to establish that the leaked data included not only Hindu girls but also Muslim girls, as @Cyber_Huntss had posted a screenshot of the data of the first two users out of 1500 that we had accessed.
In the screenshot of the private data of the first two users posted by @Cyber_Huntss, one user had a Muslim name and the other had a Hindu name. To establish this we compared our screenshot with his and found that all the visible letters matched.
The first three letters 'Van' of the first name matched in both screenshots, and the words 'nagar' and 'Rajasthan' in the first user's address also matched. Additionally, the word 'nehru' in the address of the second user matched. Therefore, we were able to establish that the claims made by @Cyber_Huntss were misleading and that the data of both Muslim and Hindu users had been compromised.
In the same data sample, there were at least 100 more names belonging to Muslim and Sikh individuals, along with other private details.
On 30 May, @Cyber_Huntss aka Sanjay Soni who was posing as a whistleblower, asking women to be aware and calling out zivame.com for a data breach of its users was arrested by Rajasthan Police for alleged data theft, outraging religious sentiments, and promoting enmity between groups.
On a complaint of two employees from Reliance Retail an FIR was lodged against Sanjay Soni (@Cyber_Hunts). The complaint has alleged that “On the date of 24.04.2023, a hacker contacted our company's email ID, security@zivame.com, from the email ID shadowhacker3@proton.me, stating that they have hacked our server and stolen the data of approximately 1.5 million customers out of a total of 9.2 million customers.”
It further said, “On the date of 16.05.2023, at 12:41 PM, a tweet was posted by the Twitter account @cyberh_untss, tagging Zivame.com company, claiming that the data of 1.5 million Hindu girls has been leaked from Zivame.com company and is being sent to Muslim people and Islamic countries. On the date of 24.05.2023, the hacker once again contacted Zivame.com company, this time from the email ID anonymousehaacker@proton.me, and stated that due to the weakness in their system, they can access the data of Hindu girls and made threats, demanding a ransom. On the date of 25.05.2023, the email sent to us was posted on the internet, and shortly after, the same email was posted on Twitter by the account @cyberhuntss.”
The complainant has also alleged that the hacker is causing a disruption in communal harmony by claiming the data to be of Hindu girls. “This act is tarnishing the reputation of our company and causing undue harm,” the complaint said.
The Rajasthan Police told BOOM that one Cyber Daku (a Twitter handle) extorted 1500 US dollars from Zivame, out of which 1000 US dollars were transferred to Sanjay Soni. These transactions were carried out through cryptocurrency.
It has not been determined yet whether Sanjay Soni was directly involved in hacking or if he was merely involved in purchasing and selling user data from Zivame.
At least five cyber-related police cases have been found against Sanjay Soni including in Bengaluru and Mumbai, the police told BOOM.
Soni has been charged under section 66 of the Information and Technology Act, 2008, which pertains to data breach and under IPC section 295-A(deliberate and malicious intention of outraging the religious feelings of a community) and 153-A(Promoting enmity between different groups on ground of religion, race, place of birth, residence, language, etc).
He has a history of sharing such tweets.
On May 25, in yet another attempt at communal propaganda, the Twitter account @Cyber_Huntss tweeted (archived here) claiming that the data of approximately 40 lakh Hindu women had been leaked from the Indian Railways Catering and Tourism Corporation (IRCTC) website and subsequently sold on the dark web, deep web, and in Muslim countries. In order to give a communal spin to his claim, the account asked in its tweet, "Has anyone come to know the reason for the steep increase in the cases of love jihad these days? How do Jihadis obtain the contact numbers of girls? To find out, please refer to the screenshots below."
The screenshots display Excel sheets containing columns for Name, Email, Mobile address, and other details.
Denying the claim, the IRCTC official Twitter account replied to @cyber_hunts denying this claim. "The data given in the screenshot is not related to IRCTC and IRCTC user data is completely safe,” IRCTC said. The tweet by Cyber_huntss is still there and has received 662 thousand views, 8817 likes, and 5528 retweets.
@Cyber_Huntss whose real name is Sanjay Soni is a Jaipur resident. He has more than 41.8 thousand followers on Twitter. Although his blue tick doesn't appear in front of his name, he has blue tick features like tweets exceeding 280 letters. Most of his tweets are either supporting Bharatiya Janata Party leaders and its ideology or trolling and using slurs against Muslims.
Soni last came in the news for couriering pork to Fact Checker of Alt News, Mohammad Zubair's address during Ramadan. On April 9, @Cyber_Huntss tweeted about sending a 400 gram packet of pork to Zubair, which resulted in the disclosure of Zubair's address in Bengaluru. However, the tweet was deleted later. An FIR was lodged in Bengaluru against @Cyber_Huntss.
According to reports Sanjay Soni pursued Bachelor's in Computer Application from a private college in Udaipur. He has also worked for 3 years in Gulf countries. After returning to India he started posing himself as nationalist and Hindutva activist online. There are at least 4 criminal cases against him including in Lucknow and Rajasthan.