Indian cryptocurrency exchange Buyucoin has reportedly been hacked and sensitive data of about 325,000 users has reportedly been leaked onto the dark web. According to reports, the leaked data includes personal information, encrypted passwords, user wallet details, order details, bank details, PAN numbers, passport numbers and deposit histories.
Indian cryptocurrency exchange hacked
Buyucoin, a Delhi NCR-based cryptocurrency exchange, has reportedly been hacked. The exchange has more than 350,000 registered users and has enabled more than $ 500 million in cryptocurrency transactions, according to its website. Several local news outlets reported that sensitive data from approximately 325,000 customers has been dumped on the dark web. IANS publication detailed on Friday:
The leaked data includes names, emails, mobile numbers, encrypted passwords, user wallet data, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.
Independent cybersecurity researcher Rajshekhar Rajaharia explained to the publication that the 6GB file in the MongoDB database contains three backup files of Buyucoin data. Among the leaked data, the researcher also found his own information that he used to create an account on the platform last year. “This is a serious hack as important financial, banking and KYC data has been leaked on the dark web,” said Rajaharia.
On Twitter, a number of users said their information had been leaked. Rajaharia tweeted: “Trading in cryptocurrency? 3.5 Lakh user data, including me, leaked from Buyucoin. The leaked data includes name, email, mobile, bank account numbers, PAN number, wallet details etc. Again not informed by the company to the affected users. “
Buyucoin is the latest victim of the infamous hacker group Shinyhunters, which has leaked free databases on well-known English-language forums, according to the Economic Times. The group also leaked data from e-grocery Big Basket, education technology platform Unacademy, and payment aggregator Juspay.
Israel-based darknet threat intelligence provider KELA confirmed the leak in the publication. Victoria Kivilevich, the company’s threat intelligence analyst, explained, “This data is now circulating on the dark web and available for use by other cyber criminals.” She added that they could use the data for everything from “phishing attacks to obtaining administrative rights and accessing corporate networks if corporate credentials are leaked.”
Buyucoin is investigating the violation
Since reports of the security breach emerged, Buyucoin has released two official statements on the matter. The first was written by the CEO, Shivam Thakral. He wrote, “In mid-2020, while conducting a routine test exercise with dummy data, we encountered a ‘low impact security incident’ affecting non-sensitive, dummy data from only 200 entries. We would like to make it clear that not even a single customer was affected during the incident. “
Rajaharia responded to the exchange’s official statement in a tweet, “Such an irresponsible statement from Buyucoin. I am your registered and KYC verified user. You also leaked my own data. Change your statement asap. What if someone has used my account for illegal activities? Inform your users right now. “
The message from Buyucoin’s CEO was subsequently replaced by another one by the exchange. Regarding the media report, Buyucoin wrote:
We are thoroughly examining every aspect of the report on malicious and unlawful cybercrime activity by foreign entities in mid-2020.
There have been no further updates to the exchange during the press.
What do you think of this Buyucoin hack? Let us know in the comments below.
Image Credits: Shutterstock, Pixabay, Wiki Commons, Twitter
Disclaimer: This article is for informational purposes only. It is not a direct offer or invitation to an offer to buy or sell, or a recommendation or endorsement of products, services, or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.