The info leaked embrace names, e-mails, cell numbers, encrypted passwords, person pockets particulars, order particulars, financial institution particulars, KYC particulars (PAN quantity, passport numbers) and deposit historical past.
In keeping with impartial cyber safety researcher Rajshekhar Rajaharia, the 6GB file on MongoDB database accommodates three backup information containing BuyUcoin knowledge.
“This can be a critical hack as key monetary, banking and KYC particulars have been leaked on the Darkish Internet,” Rajaharia informed IANS and shared some screenshots of the leaked knowledge.
Researchers at cyber safety agency Kela Analysis and Technique Ltd first found the stolen knowledge, linked on the identical discussion board, from Wongnai Media Co Ltd, Tuned International Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which seems to be the handiwork of notorious hacking group ShinyHunters.
“Over this previous summer season, ShinyHunters was seen publishing leaked knowledge totally free, exposing tens of millions of non-public information from everywhere in the world,” Victoria Kivilevich, risk intelligence analyst at Kela Analysis, informed SiliconANGLE.
“We have now seen collaborators of Shiny Hunters promoting and leaking different dumps within the current months.”
BuyUcoin was but to react to the report.
ShinyHunters has additionally leaked 1.9 million person information stolen from free on-line picture enhancing utility Pixlr.
In keeping with Rajaharia, the hacker is similar who earlier leaked BigBasket and JusPay knowledge in India.
In November final 12 months, one in every of India’s well-liked on-line grocery shops BigBasket discovered that its knowledge of over 20 million customers had been hacked and had been on sale on the darkish internet for over $40,000.
“Now, the identical hacker group is asking about $10,000 in Bitcoin for the BigBasket database and can be promoting the three corporations’ databases,” Rajaharia stated.
“There’s a sturdy connection between all these current knowledge leaks, together with BigBasket,” he added.
Earlier this month, Bengaluru-based digital funds gateway JusPay stated that about 3.5 crore information with masked card knowledge and card fingerprint had been compromised by the hacker.
Rajaharia additionally disclosed that three Indian corporations — e-marketplace ClickIndia, fintech startup for small enterprise house owners ChqBook and wedding ceremony planning web site WedMeGood — had been additionally hacked presumably by the identical hacker.
“Practically 80 lakh customers of ClickIndia (identify, e-mail, cell and different private particulars), 10 lakh customers of ChqBook (identify, e-mail, cell, full handle and different private particulars) and 13 lakh customers of WedMeGood (identify, e-mail, hashed password, different delicate private data),” Rajaharia had revealed.