wordpress blog stats
Connect with us

Hi, what are you looking for?


Upstox suffers hack, data of 25 lakh users up for sale on dark web


Stock market broker Upstox in a statement acknowledged a data breach after an independent cybersecurity researcher tweeted that the firm’s customer data was on sale on the dark web. The company has apparently upgraded its security systems now and has assured retail investors that their holdings are safe.

While Upstox is yet to confirm the details, it is learnt that the hackers have sought a ransom of $1.2 million (Rs 9 crore) to not publicise the user data. The data of some one lakh Indian investors has already been made public as a warning. We have reached out to Upstox for comment, we will update this post if we receive a response.

The security breach was first reported by Rajshekhar Rajaharia, an independent internet security researcher, who claims that data of some 25 lakh users and 5.6 crores Know Your Customer (KYC) data have been leaked. The leaked user data includes names, birthdates, PAN, passport and photos of user signatures, among other things, Rajshekhar told Medianama.

However, Upstox did not clarify the impact of the data breach in its statement. The broker said it restricted access to the impacted database, enhanced security for third-party data warehouses, separated user data from financial assets, and has set up a real-time monitoring system. It has also initiated a password reset using OTP.

“We are further amping up our industry-class bug bounty program to encourage ethical hackers to stress test our systems and protocols and help us identify any vulnerabilities from time to time,” Upstox said in its announcement.

Advertisement. Scroll to continue reading.

Rajshekhar said the hack was carried out by a hacker group called ShinyHunters. This is the same group that targeted payments provider Juspay and grocery shopping app BigBasket. ShinyHunters allegedly used Amazon AWS Keys to access Upstox servers. “The hacker group has access to over a thousand Amazon AWS Keys which it is randomly using to find big companies and then leak their data for a ransom,” Rajshekhar told Medianama. Rajshekhar said he was touch with the hacker group over Telegram and confirmed that they were seeking a ransom from Upstox.

The hack is the fourth such incident in the past few weeks after data breaches at Facebook, LinkedIn and MobiKwik. Upstox said it has informed relevant authorities about the incident, but did not clarify when learned of the data breach. The company allegedly reported the event to India’s Computer Emergency Response Team on March 31, reported Entrackr, implying that the company was aware of the breach for nearly two weeks before it alerted its users.

It is not also known when exactly the hackers gained access to Upstox servers. Back in February, Upstox suffered an outage for two consecutive days which the company blamed on hardware issues. It is not known if the two events are related.

Also read:

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ