ShinyHunters dump partial database of broker firm Upstox

The hacker(s) behind the breach is ShinyHunters, while the target, Upstox, is India’s second-largest discount brokerage firm.

ShinyHunters claims Upstox is negotiating with them.

Upstox, a tech-first low-cost broking firm in India, has issued an alert to inform customers about a data breach that took place between March and April 2021. The retail broking firm claims that funds and securities are safe and unaffected by the breach.

On its website, the company’s co-founder and CEO Ravi Kumar confirmed that some of the KYC (Know Your Client) data was stored in a third-party warehouse. 

“Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards.”

Upstox has restricted access to the breached database and added multiple security layers at all third-party warehouses. As of now, the company hasn’t revealed the number of customers affected by the breach.

ShinyHunters in action

The hacker behind the breach is ShinyHunters, who published part of the data stolen from Upstox and claimed that the reason for dumping it was to send a message to the company.

ShinyHunters added that Upstox did not respond to them when the company was informed about the breach.

However, since the company admitted on Sunday that its databases had been breached, ShinyHunters has removed the download links from Raid Forums, an infamous hacker forum, and revealed that Upstox has responded and that “negotiations” are in progress.

What data was leaked?

The data has been seen, and it can be confirmed that it included the following information:

  • Names
  • City
  • State
  • Zipcodes
  • Last login date
  • Phone numbers
  • 100,000 Email addresses
  • Hashed passwords
  • Date of birth
  • Bank Details
  • Device used by a user
  • Date of account creation
  • KYC (Passport, PAN, Cancelled Cheque, Sign Pics.)

Investigation Underway

Upstox states that after learning about unauthorized access to their database, they appointed a reputed international cybersecurity firm to investigate the reasons behind the breach. They also acknowledged that hackers had posted a sample of the company’s data online.

Moreover, Upstox has now enabled 24×7 real-time monitoring and added ring-fencing to its network.

Stock Broking Firms The New Target of Hackers

Cybercriminals seem to be running out of options and opportunities, given the advancement in security solutions. Perhaps that’s why they have set their eyes on stockbroking firms after targeting e-commerce sites and other lucrative platforms.

Companies that fail to adopt high-tech and stringent security measures fall prey to the hackers’ malicious tactics. The same seems to be the case with Upstox, India’s second-largest discount brokerage firm, as per the number of active clients. The company boasts over 3 million users and is backed by mainstream Indian investors like Ratan Tata.
