Upstox alerts users of data breach; says funds, securities remain safe

PTI reports:

Retail broking firm Upstox has alerted customers of a security breach that included contact data and KYC details of customers, but assured users that their funds and securities remain safe.

The development comes close on the heels of reports of data breaches at organisations like MobiKwik, Facebook and LinkedIn.

“On receipt of e-mails claiming unauthorised access into our database, we have appointed a leading international cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems. This morning, hackers put up a sample of our data on the dark web,” a company spokesperson said in an e-mailed statement.

Read more on Indian Express. Upstox has posted an announcement on its site to users.

The situation does not appear to be a good one for them, however, as the hacker who posted the sample is a well-known hacker.

In listing the data, the hacker listed his offering as “Part 1” of what he will be offering, noting 11 hours ago:

We tried to get in touch with Upstox. Unfortunately they still haven’t replied even after 2 weeks, It seems like users’ safety isn’t one of their top priorities.

Upstox listing on forum

The free samples included user data, 2500 KYC (Know Your Customer) records, and miscellaneous other samples.  The same threat actor listed the free samples on a popular Russian-language forum:

Upstox lising on Russian-language forum

About the author: Dissent

Comments are closed.