Upstox data breach leaks 56 million files

Upstox is the second-largest Indian stockbroking firm after Zerodha, which is No.1 in the country in terms of active clients. Upstox has 2.5 million customers with the stockbroking firm that has leaked the sensitive information of 2.5 million customers online. It is the biggest KYC leak.

Upstox backed by the some of the big names in the industry including Tiger Global and Ratan N Tata, The company has alerted customers on this security breach that included contact data and KYC details of customers. The firm assured users that their funds and securities remain safe.

The development comes close on the heels of reports of data breaches at organisations including Facebook, LinkedIn, and MobiKwik by the ShinyHunters , a high-profile data breach.

The ransomware group by the name called ShinyHunters breached the Upstox server, and leaked over 56 million KYC of their customers .The leaked data include customers’ Names, Email, DOB, PAN, Bank Details, and KYC information like their Passport, PAN, Cancelled Cheque, Sign Pics, etc.

Cyber security researcher Rajshekhar Rajaharia said, the reason to be the improper configuration of Upstox’s Amazon AWS S3 bucket, which has been the reason for many data leaks in past. Soon, Upstox has come up with an official statement saying that they have upgraded their “security systems manifold recently, on the recommendations of a global cyber-security firm.”

Sources said, the hacker group had informed the company on 31st March 2021. The Shiny hunters group is asking for 1.2 million dollar demand. The hackers group has made 1 lakh persons database public over the darkweb and the demand not fulfilled rest of the members database to made public.

Ravi Kumar,CEO of Upstox said, "We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access to our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems."

We would like to assure you that your funds and securities are protected and remain safe. Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP."

Upstox, backed by investors like Tiger Global and Ratan Tata, has over three million users. In an announcement note on the company website, Upstox co-founder and CEO Ravi Kumar said funds and securities of customers are protected and remain safe.