Large troves of personal and sensitive data belonging to investors on crypto-currency exchange BuyUCoin has been leaked on the dark web. The data leak was uploaded on Wednesday night by the notorious hacking group ShinyHunters and pertains to a backup of the crypto-exchanges database in September 2020. However, in response to queries sent by MediaNama, BuyUCoin refuted the allegations stating that only a limited amount of data was compromised and that it was immediately recovered and secured by the company's automated security systems. Cyber-security researcher Rajshekhar Rajaharia told MediaNama that the data leak contains sensitive information like users' name, email address, mobile numbers, password, crypto-wallet details, order details and deposit history. Further, screenshots of the leak reveal that bank account details including the bank name, account number, IFSC code and type of account has been exposed in the data dump, in addition to Know-Your-Customer (KYC) information collected by BuyUCoin. "ShinyHunters was responsible for other data dumps belonging to Indian companies like Juspay and BigBasket. While this group usually puts up the data on the dark web for sale, this time they have uploaded the files for free. Even my account details were leaked," Rajaharia said. "The data contained in a MongoDB database was backed up by the group in June, July and September last year," he said. Rajaharia added that a quick look of the data dump, around 6GB large, shows that 3.25 lakh users' details may have been leaked, although there could be repetitions in the file. According to…
