Discount broker Upstox suffers data breach – Aadhaar, PAN and bank account numbers leaked
Upstox, the second largest stock broker in India, has suffered a massive data breach.
- This breach has exposed user data like Aadhaar, PAN, bank account numbers and more.
- While Upstox did not comment on the data leak, it said it has upgraded its security systems ‘manifold’ on the recommendations of a global cyber-security firm.
Popular discount broker Upstox has suffered a massive data breach that has exposed some important data like Aadhaar, PAN and bank account numbers, apart from other personally identifiable information like mobile numbers and email addresses.
Upstox is a Delhi-based discount stock broker that allows its customers to buy and sell shares. It is backed by Tiger Global and has over 1 million customers.
“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database,” Upstox said on its website, reacting to reports of the data breach.
The company said that despite the data breach, the funds and shares of its customers are safe. This is for two reasons – funds in your Upstox account can only be withdrawn to the linked bank account, and the shares are held with the depositories – either Central Depositories Services India Ltd (CDSL) or National Securities Depository Ltd (NSDL) – and not with Upstox.
With that being said, Upstox users have other things to be worried about. Security researcher Rajshekhar Rajaharia, who had earlier tipped Business Insider about Juspay and MobiKwik data breaches, told us that the
This data could be used by hackers or malicious parties to impersonate users and transact on their behalf without the users’ knowledge.
According to Rajaharia, the Upstox data breach was executed due to a compromised Amazon Web Service (AWS) key used by the company. He says that the same AWS key vulnerability was exploited in the MobiKwik data breach as well.
Rajaharia shared a data sample with us – the sample revealed user details as reported in the breach. However, we could not verify the authenticity of the sample. The hacking group, ShinyHunter, has taken down the data for now.
Upstox is the latest in Indian companies being targeted by hackers
The Upstox data breach is the latest in a string of Indian companies being hacked – the most recent ones were MobiKwik, Juspay, ClickIndia, ChqBook, WedMeGood, among others.
However, this time around, the Upstox data breach could be a result of its own folly.
The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders
From FireEye to Twitter to Covid-19 vaccine research — these were the biggest cyber attacks of 2020
Popular on BI
- How OnlyFans star Riley Reid plans to 'immortalize' herself using AI
- A leading supplement researcher says she doesn't take any — because she's getting what she needs from her vegan diet
- Mattel rolled out a Barbie to honor a late Cherokee Nation chief with a language error on the box that says 'chicken' instead of 'Cherokee'
- Budget offering: Redmi 13C and Redmi 13C 5G hit Indian market sub ₹10,000
- Market mavens expect a mega bull run in 2024 as risks fade, large caps & cyclicals to drive rally
- Value-for money Indian private schools in Dubai now have over 90,000 students
- Best split AC for medium size room in India 2023
- Nine in ten Indian firms view GenAI tools as potential security risk