Last year, Indian crypto exchange BuyUCoin became the victim of a hack when cybercriminals breached the platform’s security. While the no crypto funds were stolen, the hackers have recently leaked the personal data of hundreds of thousands of the platform’s users.
The personal data of thousands of users of the crypto exchange BuyUCoin, which was breached in mid-2020, was leaked by a hacker group known as ShinyHunter, according to Indian news outlet Inc42. The publication was first informed of the leak by cybersecurity researcher Rajshekhar Rajaharia who revealed that the personal data of the platform’s users was contained in a MongoDB database file that can be downloaded for free.
“The leaked database contains sensitive information such as users’ names, phone numbers, email addresses, PAN numbers, as well as bank details such as account number, IFSC code, and the type of account," Inc42 wrote. "It is worth noting that BuyUCoin collects such information from users who make a deposit on the exchange platform to purchase cryptocurrencies."
It is yet unclear just how many users of the crypto exchange are affected by the leak. While Inc42 said that the leak involved personal data of 325,000 users, a report by the BleepingComputer said that the leak only contained data of 161,487 BuyUCoin members
Initially, BuyUCoin downplayed the leak by claiming that “not even a single customer was affected” by the breach and referred to previous reports as mere “rumors,” according to Cointelegraph. However, the company has since released a statement saying that they are thoroughly investigating the matter.
“Regarding the media report, we are thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities in mid-2020,” BuyUCoin said in a statement on January 22.
The crypto exchange also assured users that they are taking steps to ensure the security of their digital assets. “Every BuyUcoin user with active portfolios has 3FA enabled trading accounts,” the exchange said. “All our user's portfolio assets are safe and sound within a secure environment. 95% of user's funds are kept in cold storage, inaccessible to any server breach.”
However, some BuyUCoin users, such as the cybersecurity researcher Rajshekhar Rajaharia, are still concerned about the potential risks due to the leak. “What if someone used my account in any illegal activity?” he tweeted, adding that BuyUCoin’s initial response was “irresponsible.”
Comment 3