According to the latest news today, Buyucoin, a cryptocurrency exchange in India, was hacked. According to reports, the sensitive data of about 325,000 users was leaked to the dark web. The leaked data included personal information, encrypted passwords, user wallet details, and order details. , bank details, PAN number, passport number and deposit records etc.

Indian cryptocurrency exchange hacked

text

Details from the IANS report:

The leaked data included names, emails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport number) and deposit history.

Independent cybersecurity researcher Rajshekhar Rajaharia said the 6GB file on the MongoDB database contained three backup files containing Buyucoin data. The researcher also found information about himself, which he used in the leaked data last year to create an account on the platform. Rajaharia was quoted as saying: "This is a serious hack as key financial, banking and KYC details have been leaked on the dark web."

On Twitter, many users said their information was leaked. Rajaharia also tweeted: "Still want to trade on a cryptocurrency exchange? 350,000 users (including myself) have their user data leaked from Buyucoin. The leaked data includes name, email, mobile phone, bank account number, PAN number, Wallet details, etc. Also, the company did not notify the affected users.”

According to The Economic Times, Buyucoin is the latest victim of the notorious hacking group Shinyhunters, which has been leaking databases for free on prominent English-language forums. The group also leaked data from e-shopper Big Basket, education technology platform Unacademy and payments aggregator Juspay.

Israel-based darknet threat intelligence provider KELA confirmed the publication's leak. "These records are now circulating on the dark web and can be used by other cybercriminals," explained Victoria Kivilevich, the firm's threat intelligence analyst. She added that they could use the data to for "phishing scams to gain administrator privileges and gain access to corporate networks if corporate credentials are compromised."

Buyucoin is investigating the breach

Since reports of the security breach emerged, Buyucoin has issued two official statements on the matter. The first was written by its CEO, Shivam Thakral. He wrote: "In mid-2020, while performing routine testing on dummy data, we encountered a 'low-impact security incident' in which only 200 entries of non-sensitive dummy data were affected. What we would like to clarify Yes, not even a single customer was affected during the incident."

“Regarding media reports, we will thoroughly investigate all aspects of malicious and illegal cybercrime activities conducted by foreign entities in mid-2020.” — Buyucoin Official Response

Rajaharia responded to the exchange’s official statement in a tweet: “Buyucoin’s official statement is very irresponsible. I am your registered user and have passed KYC verification. You have now leaked my data. If anyone is involved in any illegal activities What about using my account in ? Please notify all of your users immediately and please change the official statement as soon as possible."

As of 3:00 pm (Beijing time) today, there is no further update from the Buyucoin exchange.

Reference：https://news.bitcoin.com