wordpress blog stats
Connect with us

Hi, what are you looking for?

Massive data leak from crypto-exchange BuyUCoin; company refutes claims

password

Large troves of personal and sensitive data belonging to investors on crypto-currency exchange BuyUCoin has been leaked on the dark web. The data leak was uploaded on Wednesday night by the notorious hacking group ShinyHunters and pertains to a backup of the crypto-exchanges database in September 2020. However, in response to queries sent by MediaNama, BuyUCoin refuted the allegations stating that only a limited amount of data was compromised and that it was immediately recovered and secured by the company’s automated security systems.

Cyber-security researcher Rajshekhar Rajaharia told MediaNama that the data leak contains sensitive information like users’ name, email address, mobile numbers, password, crypto-wallet details, order details and deposit history. Further, screenshots of the leak reveal that bank account details including the bank name, account number, IFSC code and type of account has been exposed in the data dump, in addition to Know-Your-Customer (KYC) information collected by BuyUCoin.

“ShinyHunters was responsible for other data dumps belonging to Indian companies like Juspay and BigBasket. While this group usually puts up the data on the dark web for sale, this time they have uploaded the files for free. Even my account details were leaked,” Rajaharia said. “The data contained in a MongoDB database was backed up by the group in June, July and September last year,” he said. Rajaharia added that a quick look of the data dump, around 6GB large, shows that 3.25 lakh users’ details may have been leaked, although there could be repetitions in the file.

According to a source close to the development, BuyUCoin has around 2.9 lakh users of which 95,000 have completed the full-KYC requirements and around 40,000 actively trade on the platform. This person spoke on the condition of anonymity.

“In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not even a single customer was affected during the incident,” BuyUCoin said.

The New-Delhi based crypto-exchange was founded by 2016 by Atulya Bhatt, Devesh Agarwal and Shivam Thakral. Last year, it expanded globally after it received an operating license in Estonia and has partnered with payments wallet MobiKwik allowing users to buy crypto-currencies through their credit and debit cards, MobiKwik wallet, and net banking. According to CoinGecko, the exchange processes around $3 million worth of trades on a daily basis as of date.

“We would like to assure our customers that all the transactions on our platform take place in a highly encrypted environment. Our technical team constantly conducts routine security checks to ensure that our customer data is completely secure. We are aware of the high level security threats which exists in today’s world and we continuously upgrade our software and systems to neutralize such malicious and unlawful cyberattacks,” BuyUCoin said.

BuyUCoin upgrades security standards

In an updated statement on Friday, BuyUCoin said that it is “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities” that foreign entities undertook last year. The company has upgraded its security standards and has enabled a three-factor-authentication system for users’ trading accounts.

The company says that users should have a strong password and use OTPs for account verification, they should use Google’s 2FA authentication system and enable a six-digital trading pin for transaction verification. Further, every transaction on the crypto-exchange will now require an OTP verification sent to the users’ email address, it said.

“All our user’s portfolio assets are safe and sound within a secure environment. 95% of user’s funds are kept in cold storage, inaccessible to any server breach. Based on the internal investigation, we will be keeping you updated with the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security,” the company said.

Also read

(Updated January 22, 2021 3:05 pm. Updated with statement from BuyUCoin on upgrades to its security standards. Originally published January 22, 2021 at 11:44 am)

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

News

By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...

News

By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...

News

By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...

News

This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like

News

WazirX denied its involvement in the scam and maintained that it followed strict guidelines; in another case, the trading platform was served a show-cause...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ