M1xchange Hit by World Leaks Cyberattack Claim

M1xchange, India's leading RBI-approved TReDS (Trade Receivables Discounting System) platform, has reportedly been targeted by the extortion group World Leaks, which claimed the breach on its dark-web leak site on June 9, 2026On June 9, 2026, the leak post references the victim M1xchange, an Indian technology platform that operates under the Reserve Bank of India's TReDS framework to facilitate trade receivables discounting for micro, small, and medium enterprises. 

World Leaks is a rebrand of Hunters International, which shifted its model from file encryption to pure data-theft extortion in early 2025World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus from file encryption to solely stealing sensitive data and threatening to leak it unless a ransom is paid. The group has previously targeted major firms, including a breach of one of Dell's demonstration platformsA newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. 

M1xchange, operated by Mynd Solutions and founded in 2015, enables MSMEs to auction unpaid invoices to multiple financiers for immediate, collateral-free liquidityThe core role of M1xchange is to facilitate the discounting of trade receivables, including invoices and Bills of Exchange. It allows MSMEs to auction their invoices to multiple financiers (Banks/NBFCs) to get immediate liquidity at the lowest possible interest rates. Given the platform connects MSME suppliers, corporate buyers, and financiers, any data exposure carries significant downstream risk across India's MSME financing ecosystem.

Importantly, this remains an unverified claim posted on the attackers' leak site — security researchers monitoring it note: "No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed"NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security by monitoring services, and no official confirmation from M1xchange has been reported yet. 

Users connected to the platform—corporate buyers, suppliers, and financiers—are advised to monitor official communications, reset credentials with MFA enabled, and alert internal security teams to watch for unusual account activity pending further clarity.