Banking and KYC info of lakhs of customers of BuyUcoin, which trades bitcoin and different cryptocurrencies, has allegedly been leaked on the darkish internet. The small print included the names, e mail addresses, cell numbers, order info, and deposit historical past of customers, based on a safety researcher. The info dump obtainable on the darkish Internet additionally seems to have financial institution particulars together with financial institution names and account numbers, in addition to know-your-customer (KYC) info that features PAN and passport numbers of the individuals utilizing BuyUcoin platform. The corporate has nonetheless denied the leak and stated the surfaced knowledge dump was of some dummy accounts.
Cybersecurity researcher Rajshekhar Rajaharia instructed Devices 360 that he discovered the info dump on the darkish Internet earlier this week. It included the small print of greater than three lakh BuyUcoin customers, he stated. The Delhi-NCR-based firm claims to have over 3.5 lakh customers in whole.
The researcher stated BuyUcoin appeared to have confronted a knowledge breach in September final 12 months that resulted within the newest leak on the dark Web. Alongside person particulars, the info dump included a folder with admin credentials that might be used to entry the server, he famous.
The leaked knowledge might be utilized by dangerous actors to run fraudulent assaults in opposition to people, the researcher stated. He additionally added that the info may additionally allow hackers to grasp the credit score rating of the victims utilizing transaction particulars.
BuyUcoin CEO and Co-founder Shivam Thakral denied the leak. “We wish to reiterate the truth that solely dummy knowledge of 200 entries was impacted which was instantly recovered and secured by our automated safety programs,” he instructed Devices 360 over e mail.
Nonetheless this won’t be right, as an individual whose knowledge was revealed within the knowledge dump got here ahead to Devices 360 and stated that their financial institution and KYC particulars have been revealed.
“What if a nasty actor would use any of the leaked person accounts in any unlawful crypto exercise?” requested Rajaharia whereas countering the corporate’s rejection of the info leak. “Who shall be accountable in such a case? Crypto knowledge leak could grow to be a really severe challenge as the info might be utilized in unlawful actions in some ways in such instances. It is the corporate’s accountability to tell affected customers and shield knowledge as a substitute of constructing any false claims.”
Thakral nonetheless denied the leak once more, and responded by saying that it was only a hoax to defame the corporate.
“These individuals who reached out to journalists are mates of hackers, they’re simply exhibiting our e mail IDs are there,” he stated. “This does not make sense to me.” However part of the info dump, as seen by Devices 360, contained these particulars for an enormous variety of customers, so it seems to be an actual dump, and hopefully the corporate is investigating the matter.
No bitcoins or another cryptocurrencies seem to have been stolen within the leak. Nonetheless, up to now, there have been cases of cryptocurrency exchanges and wallets getting hacked and bitcoins being stolen.
In April 2020, a hacker exploited a safety flaw in Bisq bitcoin change and stole more than $250,000 (roughly Rs. 1.82 crores) price of cryptocurrency from customers. Binance, one of many main cryptocurrency change platforms, additionally noticed a data breach in May 2019 through which hackers have been in a position to steal over $40 million (roughly Rs. 290 crores).
What would be the most enjoyable tech launch of 2021? We mentioned this on Orbital, our weekly know-how podcast, which you’ll subscribe to by way of Apple Podcasts, Google Podcasts, or RSS, download the episode, or simply hit the play button beneath.