[ad_1]
Banking and KYC data of lakhs of customers of BuyUcoin, which trades bitcoin and different cryptocurrencies, has allegedly been leaked on the darkish net. The particulars included the names, e-mail addresses, cellular numbers, order data, and deposit historical past of customers, in response to a safety researcher. The knowledge dump out there on the darkish Web additionally seems to have financial institution particulars together with financial institution names and account numbers, in addition to know-your-buyer (KYC) data that features PAN and passport numbers of the individuals utilizing BuyUcoin platform. The firm has nevertheless denied the leak and stated the surfaced knowledge dump was of some dummy accounts.
Cybersecurity researcher Rajshekhar Rajaharia advised Gadgets 360 that he discovered the info dump on the darkish Web earlier this week. It included the main points of greater than three lakh BuyUcoin customers, he stated. The Delhi-NCR-based mostly firm claims to have over 3.5 lakh customers in whole.
The researcher stated BuyUcoin appeared to have confronted a knowledge breach in September final 12 months that resulted within the newest leak on the darkish Web. Alongside consumer particulars, the info dump included a folder with admin credentials that might be used to entry the server, he famous.
Rajaharia said that the dump was posted on the darkish Web by Shiny Hunters, the hacker group that allegedly leaked the info of BigBasket and JusPay within the latest previous.
The leaked knowledge might be utilized by dangerous actors to run fraudulent assaults towards people, the researcher stated. He additionally added that the info might additionally allow hackers to know the credit score rating of the victims utilizing transaction particulars.
BuyUcoin CEO and Co-founder Shivam Thakral denied the leak. โWe would like to reiterate the fact that only dummy data of 200 entries was impacted which was immediately recovered and secured by our automated security systems,โ he advised Gadgets 360 over e-mail.
However this may not be right, as an individual whose knowledge was revealed within the knowledge dump got here ahead to Gadgets 360 and stated that their financial institution and KYC particulars had been revealed.
โWhat if a bad actor would use any of the leaked user accounts in any illegal crypto activity?โ requested Rajaharia whereas countering the corporateโs rejection of the info leak. โWho will be responsible in such a case? Crypto data leak may become a very serious issue as the data could be used in illegal activities in many ways in such cases. Itโs the companyโs responsibility to inform affected users and protect data instead of making any false claims.โ
Thakral nevertheless denied the leak once more, and responded by saying that it was only a hoax to defame the corporate.
โThese people who reached out to journalists are friends of hackers, they are just showing our email IDs are there,โ he stated. โThis doesnโt make sense to me.โ But an element of the info dump, as seen by Gadgets 360, contained these particulars for an enormous quantity of customers, so it seems to be an actual dump, and hopefully the corporate is investigating the matter.
No bitcoins or some other cryptocurrencies seem to have been stolen within the leak. However, prior to now, there have been situations of cryptocurrency exchanges and wallets getting hacked and bitcoins being stolen.
In April 2020, a hacker exploited a safety flaw in Bisq bitcoin trade and stole greater than $250,000 (roughly Rs. 1.82 crores) value of cryptocurrency from customers. Binance, one of the main cryptocurrency trade platforms, additionally noticed a knowledge breach in May 2019 through which hackers had been capable of steal over $40 million (roughly Rs. 290 crores).
What would be the most enjoyable tech launch of 2021? We mentioned this on Orbital, our weekly know-how podcast, which you’ll subscribe to by way of Apple Podcasts, Google Podcasts, or RSS, obtain the episode, or simply hit the play button under.