BENGALURU: Indian startups are growing alarmingly pregnable for cybercriminals who look to exploit the vulnerabilities in their feeble IT infrastructure to steal critical consumer data along with passwords and financial details, according to a report.

A UK-based data security firm—BugsBounty.com noted that 72 out of 100 major startups in the country were careless while implementing or upholding promising security practices or procedures.

While the report chose to omit the names of the companies, it did confirm they were spread across sectors like eCommerce, classifieds, finance, healthcare, and food.

As the number of internet users in the country has grown exponentially with network carriers seeking to provide affordable internet to all and sundry, consumer-centric startups have seen their business roar. Sharing of details like address and phone numbers in order to make purchases online—be it ordering food or payment of bills, has become commonplace. Contemporary users have become much more relaxed about making purchases on the web, with the rise of affordable technologies.

"We have been speaking to some of these firms. We have warned them that they may be liable to pay massive compensation to users who’s 'personal' and 'sensitive' data they store including passwords and financial information," BugsBounty.com director Ankush Johar told PTI.

Johri said, since billions of dollars of investor money is riding on these ventures, the companies may have to pay out as much as Rs 5 crore in case of a data breach. This is in accordance with the Section 43A (Compensation for failure to protect data) of Indian IT Act.

"Also, 22 out of the 100 were found to have web server software vulnerabilities that pertain to software on their servers that is known to have bugs, but these startups have not patched those," he said.

Critical entities on their server like software code, and databases are put at risk because of this, he added.

Johar continued to state the extent of these threats are even higher now with mobile penetration towering.

Users on their part should change their passwords regularly or keep different sets of passwords for banking or email.

"They shouldn't share any extra information that is not critical for the companies," he said.

Read Also: Nasscom to Set Up Warehouse in Vishakhapatnam Under Startup Plan

4 Indian Startups Providing Online Medical Delivery