Home News India’s Data Breach Saga Continues; Country’s Second Largest Stockbroker, Upstox, Hit!

India’s Data Breach Saga Continues; Country’s Second Largest Stockbroker, Upstox, Hit!

India’s second largest stockbroker, Upstox, has reportedly suffered a data breach that affected nearly 2.5 million of its users. The leak came to light when the notorious threat group “ShinyHunters” put the compromised data for sale on the dark web.

Upstox data breach

The dust of the MobiKwik data breach was just beginning to settle as another data breach takes center stage. This time it is India’s second-largest stockbroker, Upstox. Out of the total user base of nearly three million users, reportedly two and a half million were affected in the alleged data breach. Indian security researcher Rajshekhar Rajaharia (who also disclosed the MobiKwik data breach) brought it to light when he tweeted that the notorious threat group “ShinyHunters,” was behind the leak.

Related News:

Security Researchers Call Out MobiKwik for KYC Data Leak

Details on the Data Breach

Rajaharia attached morphed screenshots of various leaked KYC (know your customer) details, which Upstox had collected while opening the user accounts on their stockbroking platform. As per the information disclosed, the following details were leaked:

  • Full Names
  • Email
  • Date of Birth
  • PAN (Permanent Account Number)
  • KYC details including copies of passport, canceled cheques, signature pics, etc.

According to Rajaharia, Upstox’s data leak reason is similar to the MobiKwik incident. In both cases, the company’s Amazon Web Service (AWS) key was compromised, which led to illicit access to its database.

Upstox CEO Addresses the Issue

On the other hand, Upstox has neither confirmed nor denied the data breach. However, the company’s co-founder and CEO, Ravi Kumar announced on its website that “enhanced security measures” have been taken for Upstox user accounts “in light of recent events.” Kumar added that Upstox has roped in a global cybersecurity firm to increase the manifolds in its security system.

While Kumar did not confirm the claims, he did suggest that, as per claims from security experts, “some contact data and KYC details may have been compromised from third-party data-warehouse systems.” Also, further assuring his users, he exclaimed that none of the platform users’ funds and securities were compromised and are safe and protected.

Upstox has already reported the incident to the relevant authorities and is taking all preventive measures, including real-time monitoring and restricted access to the allegedly impacted database. Further throwing caution to the wind, Upstox has also initiated a secure password reset to all its users via OTP.

Aditya Narang, Co-founder & MD, SafeHouse Technologies, told CISO MAG, “It is quite unfortunate to witness data breaches time and again. We have seen how cybercrimes and attacks are on the rise for the last couple of months. Data breaches at Facebook, Linkedin, Mobikwik, and now Upstox! It is time that the users accept that hackers out there are innovating methods to hack them and leave their data vulnerable on the dark web. While organizations are trying to find solutions to protect their stakeholders, these stakeholders also need a real-time security for their digital identity especially in today’s times.”

Related News:

Alleged Facebook Data Leak Affects 6 Mn Indian Users