More Indian casualties of the infamous hacking group ShinyHunters have emerged. The group has allegedly leaked a 6 GB data dump of Indian crypto exchange BuyUCoin on the dark web, where it is available for download for free. The leaked data contains information for 3.25 lakh users, a little less than the number of users that BuyUCoin claims to have served.
According to cybersecurity researcher Rajshekhar Rajaharia, who first alerted Inc42 of the development, the data is contained in a MongoDB database, which is used by many modern apps. The leaked database contains sensitive information such as users’ names, phone numbers, email addresses, PAN numbers, as well as bank details such as account number, IFSC code and the type of account. It is worth noting that BuyUCoin collects such information from users who make a deposit on the exchange platform to purchase cryptocurrencies.
Screenshots of the leaked database also reveal the BuyUCoin referral codes for some users, along with details of their trading activities on the crypto exchange. According to Rajaharia, who is also an affected user, data till September 2020 is contained in the leaked database.
While names, phone numbers and email addresses are mostly used for large-scale phishing campaigns, the fact that certain bank details of users have also been leaked from BuyUCoin is of grave concern.
Over the last few months, ShinyHunters has leaked user data from various Indian companies such as Juspay, Clickindia, Chqbook and Bigbasket among others. As with these other instances, the BuyUCoin data also appears to have been leaked through a breach of the company’s server, since the leaked data is in the form of a dump.
Responding to Inc42‘s queries, BuyUCoin claimed no data breach had taken place. “In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not even a single customer was affected during the incident,” read the company statement.
However, as found out by Inc42, this claim is not true, since the genuine user data for cybersecurity researcher Rajaharia was also included in the leaked database. The authenticity of the leaked data for other users couldn’t be ascertained.
Founded in 2016 by Atulya Bhatt, Devesh Aggrawal and Shivam Thakral, BuyUCoin is a New Delhi-based crypto exchange which claims to have processed digital currency trades worth $500 Mn. The platform supports more than 50 leading cryptocurrencies, including Bitcoin, Ethereum and Ripple.
In March last year, BuyUCoin forayed into the global crypto market when it was granted the crypto trade and wallet license in Estonia. That same month, the company’s CEO Shivam Thakral announced that BuyUCoin would integrate with Indian digital payments wallet Mobikwik, with the latter being offered as a payment option for users on the crypto exchange.
India’s Poor Cybersecurity Track Record
Earlier this month, Indian payments processor Juspay, which powers the payment gateways of major companies such as Amazon, Uber and Ola in India, saw data from 10 Cr digital payments transactions leaked in one of the biggest data breaches to affect an Indian company.
These data breaches have come to light, just as 2020 has come to a close, a year when India witnessed a rapid rise in phishing and social engineering, ransomware, distributed denial of service or DDoS, and several other kinds of cyberattacks on its companies. According to the Ministry of Electronics and Information Technology (MeitY), Indian citizens, commercial and legal entities faced 7 Lakh cyberattacks till August 2020 alone, nearly double the number of cyberattacks in 2019 — 3.94 Lakh.
Online grocery platform BigBasket, Google-backed hyperlocal delivery platform Dunzo, restaurant chain owner Haldirams, edtech platform Edureka, online travel marketplace RailYatri and even the personal website of Prime Minister Narendra Modi suffered data breaches in 2020, with the data on some of these websites being subsequently leaked on the dark web where it was available for purchase.
Cybersecurity experts Inc42 spoke to, were of the opinion that the rapid rise in cyberattacks on Indian companies can be attributed to the shift to work from home (WFH) for most companies amid the Covid-19 pandemic. Indian’s geopolitical tensions with its neighbours China and Pakistan in the year gone by may also be to blame for the spate of cyberattacks.
Update – January 21, 2021, 8:15 pm: The earlier version of the story incorrectly mentioned the number of affected users as 3.5 lakh. The same has been corrected to 3.25 lakh.
BuyUCoin’s response was added.