Financial information of 3.3 lakh Indian users of Cryptocurrency Exchange Company BuyUCoin have been leaked to the dark web by a hacker group called ShinyHunters on January 20, independent cybersecurity researcher Rajshekhar Rajaharia alleged.
Information includes sensitive data such as bank account details (account type, bank IFSC code), email addresses, KYC documents, PAN numbers, and phone numbers, accessed through an alleged “breach in database” of BuyUCoin, the Times of India reported.
Moneycontrol could not independently verify the report.
BuyUCoin on the other hand has denied the breach and said “reports of 3.5 lakh users being compromised is incorrect.” It added that the company itself conducted “routine testing with dummy data” in mid-2020.
“We faced a ‘Low Impact Security Incident' in which non-sensitive, dummy data of only 200 entries were impacted. We would like to clarify that not a single customer was affected,” the company said.
But Rajaharia said ShinyHunters was behind the leak and also shared screenshots of the data dump with the paper. Notably, this particular hacker group had previously claimed responsibility for the Juspay data breach and has so far put 6GB of data of Indian crypto users on the ark web for free.
The data leaked was collected by BuyUCoin to facilitate the purchase of cryptocurrencies.
Cryptocurrencies are unregulated in India, Rajaharia pointed out, adding that since the data leaked is sensitive and can be used by the hackers to transact in cryptocurrency, “the onus is on the firm to inform its users that there has been a breach.”