in ,

Indian Crypto Exchange BuyUcoin Hacked, data of over 3 lakh users leaked

0 0
Read Time:2 Minute, 8 Second

Sensitive data of nearly 3.25 lakh users of India-based global cryptocurrency exchange and wallet, BuyUcoin, was exposed on the Dark Web is yet another data breach.

Names, e-mails, mobile numbers, encrypted passwords, user wallet information, order details, bank details, KYC details (PAN number, passport numbers), and deposit history are included in the leaked data.

The 6GB file on the MongoDB database contains three backup files containing BuyUcoin data, according to independent cybersecurity researcher Rajshekhar Rajaharia.

“This is a serious hack as key financial, banking and KYC details have been leaked on the Dark Web,” Rajaharia told IANS and shared some screenshots of the leaked data.

Researchers at cybersecurity company Kela Research and Strategy Ltd first discovered the stolen data, connected on the same forum, from Wongnai Media Co Ltd, Tuned Global Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which looks the handiwork of notorious hacking community ShinyHunters.

Victoria Kivilevich, the threat intelligence analyst at Kela Research, told SiliconANGLE, “Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world,”

“We have seen collaborators of Shiny Hunters selling and leaking other dumps in the recent months.”

BuyUcoin was still unable to respond to the report.

1,9 million user records stolen from the free Pixlr online photo editing program have also been leaked by ShinyHunters.

The hacker is the same one who previously leaked data from BigBasket and JusPay in India, according to Rajaharia.

One of India’s popular online grocery stores, BigBasket, discovered in November last year that its data of over 20 million customers had been hacked and for over $40,000 was on sale on the dark web.

“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia said.

“There is a strong connection between all these recent data leaks, including BigBasket,” he added.

Bengaluru-based digital payments gateway JusPay said earlier this month that the hacker compromised about 3.5 crore records with masked card data and card fingerprint.

Rajaharia also revealed that three Indian companies — ClickIndia e-marketplace, ChqBook fintech start-up for small business owners, and WedMeGood wedding planning website — were also potentially hacked by the same hacker.

‘Nearly 80 lakh ClickIndia users (name, e-mail, mobile and other personal information), 10 lakh ChqBook users (name, e-mail, mobile, full address and other personal information) and 13 lakh WedMeGood users (name, e-mail, hashed password, other sensitive personal information),’ Rajaharia revealed.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

What do you think?

Written by Jasspreet Kaur

Leave a Reply

Your email address will not be published.

GIPHY App Key not set. Please check settings

Netflix hits record after subscribers leap past 200 million

Oil industry reels as Joe Biden targets fossil fuels in first days