BuyUcoin, India-based cryptocurrency exchange and wallet, is facing a major cyber attack as data of nearly 3.25 lakh users of has been exposed on the Dark Web, IANS reported.
The data leaked include names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.
The 6GB file on MongoDB database contains three backup files containing BuyUcoin data, according to independent cyber security researcher Rajshekhar Rajaharia.
This is a serious hack as key financial, banking and KYC details have been leaked on the Dark Web.
Researchers at cyber security firm Kela Research and Strategy first discovered the stolen data, linked on the same forum, from Wongnai Media, Tuned Global, BuyUcoin, Wappalyzer, Teespring and Bonobos.com, which looks the handiwork of infamous hacking group ShinyHunters.
“Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world,” Victoria Kivilevich, threat intelligence analyst at Kela Research, told SiliconANGLE.
BuyUcoin was yet to react to the report.
The hacker is the same who earlier leaked BigBasket and JusPay data in India, according to Rajaharia.
In November last year, one of India’s popular online grocery stores BigBasket found that its data of over 20 million users had been hacked and were on sale on the dark web for over $40,000.
“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia said.
Rajaharia said that three Indian companies — e-marketplace ClickIndia, fintech startup for small business owners ChqBook and wedding planning website WedMeGood — were also hacked possibly by the same hacker.