The Indian cryptocurrency exchange Buyucoin has reportedly been hacked, and confidential data of around 325,000 users have been reportedly leaked to the dark internet. According to reports, the leaked data includes personal information, encrypted passwords, user wallet details, order details, bank details, PAN numbers, passport numbers and deposit histories.
Indian cryptocurrency exchange hacked
Buyucoin, a Delhi-based cryptocurrency exchange, has reportedly been hacked. The exchange has more than 350,000 registered users and, according to its website, has enabled over $ 500 million worth of cryptocurrency deals. Several local news outlets reported that around 325,000 customers’ sensitive data was posted on the dark internet. IANS release on Friday:
The leaked data includes names, emails, mobile phone numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.
Independent cybersecurity researcher Rajshekhar Rajaharia told the publication that the 6GB file in the MongoDB database contains three backup files of Buyucoin data. The researcher also found his own information, which he used last year to create an account on the platform under the leaked data. “This is a serious hack as important financial, banking and KYC details have been leaked on the dark web,” Rajaharia was quoted as saying.
On Twitter, some users said their information was leaked. Rajaharia tweeted, “Cryptocurrency Trading? 3.5 lakh user data including me leaked from Buyucoin. The leaked data included name, email, mobile phone, bank account number, PAN number, wallet details, etc. Again, the affected users were not informed by the company. “
Buyucoin is the latest victim of the notorious hacker group Shinyhunters, which, according to the Economic Times, has published databases in popular English-language forums for free. The group has also released data from E-Grocer Big Basket, education technology platform Unacademy, and payment aggregator Juspay.
Israel-based darknet threat intelligence provider KELA confirmed the leak in the publication. The company’s threat intelligence analyst Victoria Kivilevich said, “These records are now being shared on the dark internet and available to other cybercriminals.” to access to corporate networks if corporate credentials are lost “.
Buyucoin is investigating the violation
Since reports of the breach, Buyucoin has issued two official statements on the matter. The first was written by its CEO Shivam Thakral. He wrote: “In mid-2020, while conducting a routine test exercise with dummy data, we had a low impact security incident involving non-sensitive dummy data with only 200 entries. We want to make it clear that not even a single customer was affected during the incident. “
Rajaharia responded to the exchange’s official statement in a tweet: “Such an irresponsible statement from Buyucoin. I am your registered and KYC verified user. They also leaked my own data. Please change your statement as soon as possible. What if someone used my account for illegal activity? Please inform your users now. “
The message of the Buyucoin CEO was subsequently replaced by another by the exchange. “Regarding the media report,” Buyucoin wrote:
We thoroughly investigate every aspect of the report on malicious and unlawful cybercrime by foreign companies in mid-2020.
At the time of going to press, there were no further updates from the exchange.
What do you think of this Buyucoin hack? Let us know in the comments below.
Tags in this story
Bitcoin Exchange, Buyucoin, Buyucoin Hacked, Cryptocurrency Exchange, Customer Data, Dark Web, Data Leak, Hacker, Indian Crypto Exchange, Indian Exchange Hacked, Security Breach
Photo credit: Shutterstock, Pixabay, Wiki Commons, Twitter
Disclaimer of liability: This article is for informational purposes only. It is not a direct offer or an invitation to make an offer to buy or sell, or a recommendation or approval of products, services or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author are directly or indirectly responsible for any damage or loss caused or allegedly caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.