Indian Crypto Exchange Buyucoin Hacked, Sensitive Data of 325K Users Reportedly Leaked

Indian cryptocurrency securities exchange Buyucoin has reportedly been hacked and sensitive data of about 325,000 users has reportedly been leaked onto the dull web. According to reports, the leaked data includes personal information, encrypted passwords, user wallet details, position details, bank details, PAN numbers, passport numbers, and deposit histories.

Indian Cryptocurrency Exchange Hacked

Buyucoin, a Delhi NCR-based cryptocurrency argument, has reportedly been hacked. The exchange has more than 350K registered users and has facilitated over $500 million in cryptocurrency interchanges, according to its website. Several local news outlets reported that sensitive data of about 325K guys has been dumped onto the dark web. IANS publication detailed on Friday:

The data leaked include names, e-mails, movable numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport calculates) and deposit history.

Independent cybersecurity researcher Rajshekhar Rajaharia explained to the publication that the 6GB file on MongoDB database carries three backup files with Buyucoin data. The researcher also found his own information that he used to forge an account on the platform last year among the leaked data. “This is a serious hack as key financial, banking and KYC particularizes have been leaked on the dark web,” Rajaharia was quoted as saying.

On Twitter, a number of users said that their facts was leaked. Rajaharia tweeted: “Trading in cryptocurrency? 3.5 Lakh Users data including me leaked from Buyucoin. The leaked information contains name, email, mobile, bank account numbers, PAN number, wallets details etc. Again didn’t aware of to affected users by company.”

Buyucoin is the latest victim of the infamous hacker group Shinyhunters, which has been leaking databases for able on well-known English-speaking forums, according to the Economic Times. The group also leaked data of e-grocer Big Basket, educative technology platform Unacademy and payment aggregator Juspay.

Israel-based darknet threat intelligence provider KELA settled the leak to the publication. The firm’s threat intelligence analyst Victoria Kivilevich explained that “These records are now put about on the dark web and available for use by other cyber criminals.” She added that they can use the data for anything from “phishing scams to attaining admin privileges and access into corporate networks if corporate credentials have been leaked.”

Buyucoin Is Investigating the Break

Since reports of the security breach emerged, Buyucoin has released two official statements on the matter. The first was written by its CEO, Shivam Thakral. He indited: “In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘low impact security episode’ in which non-sensitive, dummy data of only 200 entries were impacted. We would like to clarify that not unchanging a single customer was affected during the incident.”

Rajaharia responded to the exchange’s official statement in a tweet: “Such an careless statement by Buyucoin. I am your registered and KYC verified user. You leaked my own data too. Please change your statement asap. What if someone hardened my account in any illegal activity. Please inform your users right now.”

The Buyucoin CEO’s message was subsequently replaced with a divergent one by the exchange. “Regarding the media report,” Buyucoin wrote:

We are thoroughly investigating each and every aspect of the report around malicious and unlawful cybercrime activities by foreign entities in mid-2020.

There have been no further updates from the transfer at press time.

What do you think about this Buyucoin hack? Let us know in the comments section below.

Image Credits: Shutterstock, Pixabay, Wiki Commons, Ado