While the world seems to struggle with the pandemic, hackers are in full swing. After Facebook, LinkedIn and MobiKwik this time it’s Upstox which has been targeted by hackers. The data of 2.5 million users of the brokerage firm is breached and uploaded on the dark web for sale.
An independent cybersecurity researcher Rajshekhar Rajaharia first tweeted about the data breach and later the stock market broker firm acknowledged the data breach. However, the company has assured the customers about the safety of their holdings and stocks after updating the security systems.
Rajshekhar claimed the breach was carried out by the hacker group called ShinyHunters.
The hacker group had earlier targeted payments provider Juspay and grocery app BigBasket using the Amazon AWS keys. With access to over a thousand Amazon AWS keys, they have randomly targeted big companies.
The report reveals that personal data of over 2.5 million users and 50.6 million KYC data has been leaked and put up for sale. The data includes names, PAN, passport, photos, signatures, birthdates, etc.
Upstox has gained popularity with the lowering data rates and growing use of smartphones. With over 3 million users, it is the second-largest stock brokerage firm in India after Zerodha in terms of active investors. The company is backed by investors like Ratan Tata and Tiger Global. Recently, it signed up with the Board for Control of Cricket in India (BCCI) to become one of the sponsors of IPL.
CEO Ravi Kumar of Upstox assured the clients that their funds could only be transferred to the linked bank accounts and the securities are also held with safe depositors. He further added that the company has amended the security systems as per the highest norms and also initiated a secure password reset via OTP.
The company has also strengthened its bounty program to detect any vulnerabilities in the security system. Third-party warehouses are being closely monitored all the time as well.