Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System

Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System

SUMMARY

Upstox says it has upgraded its systems on the recommendations of a global cybersecurity firm after receiving claims of unauthorised access to its database

According to cybersecurity researcher Rajshekhar Rajaharia, 2.5 Mn users were affected and 56 Mn KYC data files were leaked

Leaked data includes email, date of birth, passport, PAN details and more

Online discount broking platform Upstox suffered a massive data breach affecting the personal data of 2.5 Mn of its customers, according to several media reports on Sunday (April 11, 2021). Thereafter, the company admitted that earlier claims about the data breach were right and it has since enhanced its cybersecurity systems.

According to cybersecurity researcher Rajshekhar Rajaharia, 2.5 Mn users were affected and 56 Mn KYC data files were leaked — including email, date of birth, passport, PAN etc — by hacker group ShinyHunters. 

The hacking group is rumoured to have been behind multiple data breaches of Indian startups over the past one year such as Dunzo, BigBasket, JusPay, ChqBook, among others.

“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access into our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems,” said the company on its blog. 

The Upstox data leak comes at a time when cybersecurity breaches seem to have picked pace in the past few months —  from the data leak of 100 Mn Mobikwik users to 500 Mn+ Facebook users (of which 6 Mn were Indian accounts) to over 500 Mn LinkedIn users.

In one of the biggest data breaches in India, in March, Gurugram-based fintech company MobiKwik was rocked by the allegations of data of over 100 Mn users being leaked. The allegation that was repeatedly denied by the company also led to a warning by the RBI who ordered an external auditor to conduct a forensic audit on the breach.

Last week, Microsoft-owned LinkedIn denied the breach, but Cyber News had reported that scraped data of over 500 Mn LinkedIn users was put for sale on a hacker forum. The data up for sale included account IDs, full names, email addresses, phone numbers, workplace information and links to social media accounts among other details.

In the case of Facebook, leaked data of 533 Mn users was posted for free on hacking forums and included the date of joining, place of work, names, gender, occupation and relationship status of users. The breach affected 6 Mn Indian users and included details such as phone numbers, Facebook IDs, full names, locations, birthdates, bios, and in some cases email addresses. The social media giant told media agencies that the leak was related to a vulnerability that the company patched in 2019.

Similarly, in November last year, data from ‘iimjobs.com’ which included encrypted passwords of 1.4 Mn registered users was allegedly leaked on the dark web.

A report by IBM’s ‘Cost of a Data Breach Report 2020’ states that Indian companies witnessed an average $2 Mn total cost of a data breach in 2020, representing an increase of 9.4% from 2019.  A total of over 26,100 Indian websites were hacked last year alone as per the data recorded by the state-owned Indian Computer Emergency Response Team (CERT-In).

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System-Inc42 Media
Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System-Inc42 Media
You’re in Good company