In yet another data breach, sensitive information of almost 3.25 lakh clients of India-based global cryptocurrency exchange and wallet, BuyUcoin, have been exposed on the Dark Web. The information leak incorporates names, emails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers), and deposit history.
Established in July of 2016, BuyUcoin is a crypto wallet and trade stage where merchants and purchasers can transact with digital assets like bitcoin, ethereum, ripple, and so forth. It is based out of Delhi-NCR in India.
As per independent cybersecurity researcher Rajshekhar Rajaharia, the 6GB document on the MongoDB database contains three backup files containing BuyUcoin information.
"This is a serious hack as key financial, banking and KYC details have been leaked on the Dark Web," Rajaharia said and shared some screenshots of the leaked information.
The leaked information could be utilized by attackers to run fraudulent assaults against people, the researcher said. He likewise added that the information could empower hackers to comprehend the credit score of the victims utilizing transaction details.
Researchers at cybersecurity firm Kela Research and Strategy Ltd originally found the stolen information, connected on a similar forum, from Wongnai Media Co Ltd, Tuned Global Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which looks at the craftsmanship of scandalous hacking group ShinyHunters. "Over this past summer, ShinyHunters was seen publishing leaked information for free, uncovering a large number of individual records from all over the world," Victoria Kivilevich, threat intelligence analyst at Kela Research told.
As per Rajaharia, the hacker is the same who earlier leaked BigBasket and JusPay information in India. In November a year ago, one of India's well-known online supermarkets BigBasket found that its information of more than 20 million clients had been hacked and was on sale on the dark web for more than $40,000. Recently, Bengaluru-based digital payments gateway JusPay said that about 3.5 crore records with masked card information and card fingerprint were compromised by the hacker.
While denying the leak, BuyUcoin CEO and Co-founder Shivam Thakral said, “We would like to reiterate the fact that only dummy data of 200 entries were impacted which was immediately recovered and secured by our automated security systems.”