Discount broker Upstox suffers data breach – Aadhaar, PAN and bank account numbers leaked
- Upstox, the second largest stock broker in India, has suffered a massive data breach.
- This breach has exposed user data like Aadhaar, PAN, bank account numbers and more.
Upstoxdid not comment on the data leak, it said it has upgraded its security systems ‘manifold’ on the recommendations of a global cyber-security firm.
Popular discount broker Upstox has suffered a massive data breach that has exposed some important data like Aadhaar, PAN and bank account numbers, apart from other personally identifiable information like mobile numbers and email addresses.
Upstox is a Delhi-based discount stock broker that allows its customers to buy and sell shares. It is backed by Tiger Global and has over 1 million customers.
“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database,” Upstox said on its website, reacting to reports of the data breach.
The company said that despite the data breach, the funds and shares of its customers are safe. This is for two reasons – funds in your Upstox account can only be withdrawn to the linked bank account, and the shares are held with the depositories – either Central Depositories Services India Ltd (CDSL) or National Securities Depository Ltd (NSDL) – and not with Upstox.
With that being said, Upstox users have other things to be worried about. Security researcher Rajshekhar Rajaharia, who had earlier tipped Business Insider about Juspay and MobiKwik data breaches, told us that the
This data could be used by hackers or malicious parties to impersonate users and transact on their behalf without the users’ knowledge.
According to Rajaharia, the Upstox data breach was executed due to a compromised Amazon Web Service (AWS) key used by the company. He says that the same AWS key vulnerability was exploited in the MobiKwik data breach as well.
Rajaharia shared a data sample with us – the sample revealed user details as reported in the breach. However, we could not verify the authenticity of the sample. The hacking group, ShinyHunter, has taken down the data for now.
Upstox is the latest in Indian companies being targeted by hackers
The Upstox data breach is the latest in a string of Indian companies being hacked – the most recent ones were MobiKwik, Juspay, ClickIndia, ChqBook, WedMeGood, among others.
However, this time around, the Upstox data breach could be a result of its own folly.
The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders
From FireEye to Twitter to Covid-19 vaccine research — these were the biggest cyber attacks of 2020
Popular on BI
- Elon Musk sparks another Shiba Inu rally ‘to the moon’ — other Shiba coins follow suit
- Elon Musk’s puppy, a new strategy to burn tokens, and altcoins playing catch up — the perfect storm for cryptocurrency Shiba Inu to skyrocket
- Chinese smartphone brands under scrutiny, government to check components, pre-installed apps: Report
- Jubilant FoodWorks slips 8% on weak store sales of Domino’s Pizza
- When Karisma Kapoor played Geet from Jab We Met for Dunzo Daily
- Indian employees to get the biggest salary hikes amongst Asia-Pacific countries next year
- Ola S1 and S1 Pro test rides to begin on November 10
- SUN Mobility raises $50 million from energy giant Vitol