Tags in this story
Bitcoin exchange, Buyucoin, Buyucoin hacked, Cryptocurrency Exchange, customer data, dark web, data leakage, hacking, Indian crypto exchange, Indian exchange hacked, security breach
According to reports, the Indian cryptocurrency exchange Buyucoin was hacked, and it was reported that the sensitive data of approximately 325,000 users leaked onto the dark web. According to the report, the leaked data included personal information, encrypted passwords, user wallet details, order details, bank details, PAN numbers, passport numbers and deposit records.
According to reports, the Delhi NCR-based cryptocurrency exchange Buyucoin was hacked. According to its website, the exchange has more than 350,000 registered users and facilitated more than $500 million in cryptocurrency transactions. Several local news media reported that approximately 325K of sensitive customer data has been dumped on the dark web. IANS detailed on Friday:
The leaked data includes name, email, mobile phone number, encryption password, user wallet details, order details, bank details, KYC details (PAN number, passport number) and deposit history.
Independent cybersecurity researcher Rajshekhar Rajaharia explained to the publication that the 6GB file on the MongoDB database contains three backup files containing Buyucoin data. The researcher also discovered his own information, which he used in leaked data to create an account on the platform last year. Rajaharia was quoted as saying: “This is a serious hacking attack because key financial, banking and KYC details have been leaked on the dark web.”
On Twitter, many users said that their information was leaked.Rajaria Tweet“Transaction in cryptocurrency? 3.5 100,000 users including my user data leaked from Buyucoin. The leaked data included names, emails, mobile phones, bank account numbers, PAN numbers, wallet details, etc. Also, the company did not notify the affected User.”
According to the Economic Times, Buyucoin is the latest victim of the notorious hacker organization Shinyhunters, which has been leaking databases for free on well-known English forums. The team also leaked data from e-shopper Big Basket, education technology platform Unacademy and payment aggregator Juspay.
KELA, an Israeli dark web threat intelligence provider, confirmed the disclosure of the publication. The company’s threat intelligence analyst Victoria Kivilevich explained: “These records are now circulating on the dark web and can be used by other cyber criminals.” She added that they can use the data for “Phishing scams to gain administrator privileges and access the company network if company credentials are leaked.”
Since reports of security breaches appeared, Buyucoin has issued two official statements on the matter. The first one was written by its CEO Shivam Thakral. He wrote: “In mid-2020, while we were conducting routine tests on virtual data, we encountered a’low impact security incident’ in which only 200 items of non-sensitive virtual data were affected. We want to clarify The thing is, not even a single customer was affected during the incident.”
Rajaharia responded to the exchange’s official statement in a tweet: “This irresponsible statement of Buyucoin. I am your registered user and have passed the KYC verification. You have also leaked my own data. Please change yours as soon as possible. Disclaimer. What if someone uses my account for any illegal activity. Please notify your users immediately.”
The exchange replaced the Buyucoin CEO’s information with another information. “Regarding media reports,” Buyucoin wrote:
We will thoroughly investigate all aspects of malicious and illegal cybercriminal activities carried out by foreign entities in the report in mid-2020.
As of press time, the exchange had no further updates.
What do you think of this Buyucoin hacker? Let us know in the comments section below.
Picture Credits: Shutterstock, Pixabay, Wiki Commons, Twitter
Disclaimer: This article is for reference only. It is not a direct offer or solicitation of an offer, nor is it a recommendation or endorsement of any product, service or company. Bitcoin.com does not provide investment, tax, legal or accounting advice. For the use or reliance on any content, goods or services mentioned in this article or any loss or loss related to it, the company or the author shall not directly or indirectly bear any responsibility.