wordpress blog stats
Connect with us

Hi, what are you looking for?


Upstox suffers hack, data of 25 lakh users up for sale on dark web


Stock market broker Upstox in a statement acknowledged a data breach after an independent cybersecurity researcher tweeted that the firm’s customer data was on sale on the dark web. The company has apparently upgraded its security systems now and has assured retail investors that their holdings are safe.

While Upstox is yet to confirm the details, it is learnt that the hackers have sought a ransom of $1.2 million (Rs 9 crore) to not publicise the user data. The data of some one lakh Indian investors has already been made public as a warning. We have reached out to Upstox for comment, we will update this post if we receive a response.

The security breach was first reported by Rajshekhar Rajaharia, an independent internet security researcher, who claims that data of some 25 lakh users and 5.6 crores Know Your Customer (KYC) data have been leaked. The leaked user data includes names, birthdates, PAN, passport and photos of user signatures, among other things, Rajshekhar told Medianama.

However, Upstox did not clarify the impact of the data breach in its statement. The broker said it restricted access to the impacted database, enhanced security for third-party data warehouses, separated user data from financial assets, and has set up a real-time monitoring system. It has also initiated a password reset using OTP.

“We are further amping up our industry-class bug bounty program to encourage ethical hackers to stress test our systems and protocols and help us identify any vulnerabilities from time to time,” Upstox said in its announcement.

Advertisement. Scroll to continue reading.

Rajshekhar said the hack was carried out by a hacker group called ShinyHunters. This is the same group that targeted payments provider Juspay and grocery shopping app BigBasket. ShinyHunters allegedly used Amazon AWS Keys to access Upstox servers. “The hacker group has access to over a thousand Amazon AWS Keys which it is randomly using to find big companies and then leak their data for a ransom,” Rajshekhar told Medianama. Rajshekhar said he was touch with the hacker group over Telegram and confirmed that they were seeking a ransom from Upstox.

The hack is the fourth such incident in the past few weeks after data breaches at Facebook, LinkedIn and MobiKwik. Upstox said it has informed relevant authorities about the incident, but did not clarify when learned of the data breach. The company allegedly reported the event to India’s Computer Emergency Response Team on March 31, reported Entrackr, implying that the company was aware of the breach for nearly two weeks before it alerted its users.

It is not also known when exactly the hackers gained access to Upstox servers. Back in February, Upstox suffered an outage for two consecutive days which the company blamed on hardware issues. It is not known if the two events are related.

Also read:

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ