NEW DELHI: Sensitive financial details, including bank accounts and KYC documents of nearly 3.3 lakh Indian users, were allegedly leaked on the dark web by a hacker group on Wednesday, according to independent cyber security researcher Rajshekhar Rajaharia. The alleged leak was the result of a breach in the database of cryptocurrency exchange company, BuyUCoin.
In an email response to TOI, BuyUCoin denied that there was a breach in its database. Rajaharia, however, said that ShinyHunters, the hacker group which had also claimed responsibility for the Juspay breach, was behind the leak. The group has dumped 6 GB of data on Indian crypto users on the dark web for free. He shared screenshots of the data dump with TOI.
The allegedly leaked database contains people’s user names, phone numbers, PAN numbers, email addresses, their bank details, including IFSC code and the type of account. BuyUCoin collects this information to purchase cryptocurrencies.
“The leaked data contains sensitive information, which can be used by hackers to make transactions in cryptocurrency. In such a case, the onus is on the firm to inform its users that there has been a breach,” Rajaharia said, adding that cryptocurrency exchange is largely unregulated in India and there needs to be stronger oversight around it.
In an email response, BuyUCoin told TOI, “In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not a single customer was affected.” The firm also said “BuyUCoin rejects incorrect information in some media reports that data of 3.5 lakh users was compromised”.