In yet another data breach, sensitive data of nearly 3.25 lakh users of India-based global cryptocurrency exchange and wallet, BuyUcoin, have been exposed on the Dark Web.
The data leaked include names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.
According to independent cyber security researcher Rajshekhar Rajaharia, the 6GB file on MongoDB database contains three backup files containing BuyUcoin data.
"This is a serious hack as key financial, banking and KYC details have been leaked on the Dark Web," Rajaharia told IANS and shared some screenshots of the leaked data.
Researchers at cyber security firm Kela Research and Strategy Ltd first discovered the stolen data, linked on the same forum, from Wongnai Media Co Ltd, Tuned Global Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which looks the handiwork of infamous hacking group ShinyHunters.
"Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world," Victoria Kivilevich, threat intelligence analyst at Kela Research, told SiliconANGLE.
"We have seen collaborators of Shiny Hunters selling and leaking other dumps in the recent months."
BuyUcoin was yet to react to the report.
ShinyHunters has also leaked 1.9 million user records stolen from free online photo editing application Pixlr.
According to Rajaharia, the hacker is the same who earlier leaked BigBasket and JusPay data in India.
In November last year, one of India's popular online grocery stores BigBasket found that its data of over 20 million users had been hacked and were on sale on the dark web for over $40,000.
"Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies' databases," Rajaharia said.
"There is a strong connection between all these recent data leaks, including BigBasket," he added.
Earlier this month, Bengaluru-based digital payments gateway JusPay said that about 3.5 crore records with masked card data and card fingerprint were compromised by the hacker.
Rajaharia also disclosed that three Indian companies -- e-marketplace ClickIndia, fintech startup for small business owners ChqBook and wedding planning website WedMeGood -- were also hacked possibly by the same hacker.
"Nearly 80 lakh users of ClickIndia (name, email, mobile and other personal details), 10 lakh users of ChqBook (name, email, mobile, full address and other personal details) and 13 lakh users of WedMeGood (name, email, hashed password, other sensitive personal information)," Rajaharia had revealed.
--IANS
na/vd
Dear Reader,
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.
Digital Editor
RECOMMENDED FOR YOU