Banking and KYC information of lakhs of users of BuyUcoin has allegedly been leaked on the dark web. According to a security researcher, the details included the names, email addresses, mobile numbers, order information, and deposit history of users. The data dump available on the dark Web also appears to have bank details including bank names and account numbers, as well as know-your-customer (KYC) information that includes PAN and passport numbers of the people using BuyUcoin platform. The company has however denied the leak and said the surfaced data dump was of some dummy accounts.
Cybersecurity researcher Rajshekhar Rajaharia said that he found the data dump on the dark Web earlier this week. It included the details of more than three lakh BuyUcoin users. The Delhi-NCR-based company claims to have over 3.5 lakh users in total.
The researcher said BuyUcoin appeared to have faced a data breach in September last year that resulted in the latest leak on the dark Web. Alongside user details, the data dump included a folder with admin credentials that could be used to access the server. Rajaharia stated that the dump was posted on the dark Web by Shiny Hunters, the hacker group that allegedly leaked the data of BigBasket and JusPay in the recent past.
The leaked data could be used by bad actors to run fraudulent attacks against individuals, the researcher said. He also added that the data could also enable hackers to understand the credit score of the victims using transaction details. Though BuyUcoin CEO and Co-founder Shivam Thakral denied the leak.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
