Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin

Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin


The leaked data contains information for 3.25 lakh users, which is the exact number of users that BuyUCoin claims to have

The leaked data is contained in a MongoDB dump, which is a popular database for modern apps

The leaked data contains sensitive information such as users’ bank account numbers, IFSC codes, and the type of bank accounts

More Indian casualties of the infamous hacking group ShinyHunters have emerged. The group has allegedly leaked a 6 GB data dump of Indian crypto exchange BuyUCoin on the dark web, where it is available for download for free. The leaked data contains information for 3.25 lakh users, a little less than the number of users that BuyUCoin claims to have served

According to cybersecurity researcher Rajshekhar Rajaharia, who first alerted Inc42 of the development, the data is contained in a MongoDB database, which is used by many modern apps. The leaked database contains sensitive information such as users’ names, phone numbers, email addresses, PAN numbers, as well as bank details such as account number, IFSC code and the type of account. It is worth noting that BuyUCoin collects such information from users who make a deposit on the exchange platform to purchase cryptocurrencies. 

Screenshots of the leaked database also reveal the BuyUCoin referral codes for some users, along with details of their trading activities on the crypto exchange. According to Rajaharia, who is also an affected user, data till September 2020 is contained in the leaked database. 

While names, phone numbers and email addresses are mostly used for large-scale phishing campaigns, the fact that certain bank details of users have also been leaked from BuyUCoin is of grave concern.

Over the last few months, ShinyHunters has leaked user data from various Indian companies such as Juspay, Clickindia, Chqbook and Bigbasket among others. As with these other instances, the BuyUCoin data also appears to have been leaked through a breach of the company’s server, since the leaked data is in the form of a dump. 

Responding to Inc42‘s queries, BuyUCoin claimed no data breach had taken place. “In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not even a single customer was affected during the incident,” read the company statement.

However, as found out by Inc42, this claim is not true, since the genuine user data for cybersecurity researcher Rajaharia was also included in the leaked database. The authenticity of the leaked data for other users couldn’t be ascertained.

Founded in 2016 by Atulya Bhatt, Devesh Aggrawal and Shivam Thakral, BuyUCoin is a New Delhi-based crypto exchange which claims to have processed digital currency trades worth $500 Mn. The platform supports more than 50 leading cryptocurrencies, including Bitcoin, Ethereum and Ripple. 

In March last year, BuyUCoin forayed into the global crypto market when it was granted the crypto trade and wallet license in Estonia. That same month, the company’s CEO Shivam Thakral announced that BuyUCoin would integrate with Indian digital payments wallet Mobikwik, with the latter being offered as a payment option for users on the crypto exchange.

India’s Poor Cybersecurity Track Record

Earlier this month, Indian payments processor Juspay, which powers the payment gateways of major companies such as Amazon, Uber and Ola in India, saw data from 10 Cr digital payments transactions leaked in one of the biggest data breaches to affect an Indian company.

These data breaches have come to light, just as 2020 has come to a close, a year when India witnessed a rapid rise in phishing and social engineering, ransomware, distributed denial of service or DDoS, and several other kinds of cyberattacks on its companies. According to the Ministry of Electronics and Information Technology (MeitY), Indian citizens, commercial and legal entities faced 7 Lakh cyberattacks till August 2020 alone, nearly double the number of cyberattacks in 2019 — 3.94 Lakh.

Online grocery platform BigBasket, Google-backed hyperlocal delivery platform Dunzo, restaurant chain owner Haldirams, edtech platform Edureka, online travel marketplace RailYatri and even the personal website of Prime Minister Narendra Modi suffered data breaches in 2020, with the data on some of these websites being subsequently leaked on the dark web where it was available for purchase.

Cybersecurity experts Inc42 spoke to, were of the opinion that the rapid rise in cyberattacks on Indian companies can be attributed to the shift to work from home (WFH) for most companies amid the Covid-19 pandemic. Indian’s geopolitical tensions with its neighbours China and Pakistan in the year gone by may also be to blame for the spate of cyberattacks. 

Update – January 21, 2021, 8:15 pm: The earlier version of the story incorrectly mentioned the number of affected users as 3.5 lakh. The same has been corrected to 3.25 lakh. 

BuyUCoin’s response was added.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

Unlock 60% OFF
Cancel Anytime
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin-Inc42 Media
Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin-Inc42 Media
You’re in Good company