Data of more than 300,000 users of Indian cryptocurrency exchange BuyUCoin leaked following a breach of the platform
BuyUCoin experienced a data breach, and information of nearly 325,000 was leaked according to a report from the Indian news outlet Inc42. According to the Inc42 report, a hacking group called ShinyHunters leaked a database containing the affected BuyUCoin users’ information.
The database contains details of the users, including their names, phone numbers, email addresses, tax identification numbers and bank account details. BuyUCoin initially claimed that no single customer was affected by the data breach, adding that it was nothing more than a rumour.
In its press release, BuyUCoin claimed that it had investigated the various aspects of the hackers’ malicious and unlawful cybercrime activities and found out that user funds were safe and secure on their platform. The funds weren’t affected as the exchange keeps 95% of them in a cold storage wallet.
“Based on the internal investigation, we will be keeping you updated with the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security”, BuyUCoin added.
Although no funds have been reportedly affected, the hackers went for the users’ data instead. According to Inc42, the hackers have allegedly leaked a 6 GB data dump of BuyUCoin users on the dark web, where the information is available to download for free.
Cybersecurity researcher Rajshekhar Rajaharia was the first to notify Inc42 and revealed that the data is contained in a MongoDB database. Rajaharia tweeted that he was one of the affected users.
The researcher tweeted that “3.5 Lakh users data including me leaked from @BuyUCoin. The leaked data contains Name, Email, Mobile, bank account numbers, PAN Number, Wallets Details etc.”.
Rajaharia lamented that the exchange is yet to inform its users that their data have been compromised. The cryptocurrency exchange is yet to issue a statement on the alleged leaking of user data from its platform.
A report from Bleeping Computers yesterday claimed that the leaked data contains information of only 161,487 BuyUCoin members instead of 325,000 as reported by Inc42. In June and July last year, cryptocurrency wallet provider Ledger experienced a data breach that affected 272,853 people. Some users have reported receiving phishing emails, while others have reportedly lost funds.