ShinyHunters attack digital stockbroking firm Upstox

ShinyHunters has attacked digital stockbroking firm Upstox exposing personal details of 2.5-3 million users.
Upstox security incidentUpstox said the financial details of its users are completely safe. However, cyber security researchers said at least 2.5-3 million users may be affected.

Security researcher Rajshekhar Rajaharia said the cyber security incident is done by ShinyHunters.

ShinyHunters is behind several hacking incidents involving top Indian companies (including Bigbasket, BuyUcoin and JusPay). Rajshekhar Rajaharia said data of 25-30 lakh Upstox users and KYC files of 5.5 crore users may have been leaked.

The Tiger Global-backed Upstox claimed that the funds and securities are protected and remain safe.  Upstox said it has upgraded the security systems, based on the recommendations of a global cyber-security firm.

“We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems,” Upstox said.

“As a matter of abundant caution, we have also initiated a secure password reset via OTP,” Upstox said.

Rajaharia said the breached database includes bank account details, mobile numbers, pictures of users’ signature, Aadhaar, PAN and passport etc.

Ravi Kumar, co-founder and CEO of Upstox, said the company takes security and privacy very seriously.

Sonit Jain, CEO of GajShield Infotech, said: “Being aware of where customer data is located and protecting it, is a must for every organisation, however big or small they maybe. Data security should not be a one-time effort, enterprises need to have a real time visibility to their threat surface and data flows.”

ShinyHunters has been involved in several data breaches recently, including allegedly leaking sensitive data of nearly 3.25 lakh users of Delhi-NCR based global cryptocurrency exchange and wallet, BuyUcoin, on the Dark Web.

The hacker has also leaked 19 lakh user records stolen from free online photo editing application Pixlr.

Related News

Latest News

Latest News