Discount broker Upstox suffers data breach – Aadhaar, PAN and bank account numbers leaked
Upstox, the second largest stock broker in India, has suffered a massive data breach.
- This breach has exposed user data like Aadhaar, PAN, bank account numbers and more.
- While Upstox did not comment on the data leak, it said it has upgraded its security systems ‘manifold’ on the recommendations of a global cyber-security firm.
Popular discount broker Upstox has suffered a massive data breach that has exposed some important data like Aadhaar, PAN and bank account numbers, apart from other personally identifiable information like mobile numbers and email addresses.
Upstox is a Delhi-based discount stock broker that allows its customers to buy and sell shares. It is backed by Tiger Global and has over 1 million customers.
“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database,” Upstox said on its website, reacting to reports of the data breach.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
The company said that despite the data breach, the funds and shares of its customers are safe. This is for two reasons – funds in your Upstox account can only be withdrawn to the linked bank account, and the shares are held with the depositories – either Central Depositories Services India Ltd (CDSL) or National Securities Depository Ltd (NSDL) – and not with Upstox.
With that being said, Upstox users have other things to be worried about. Security researcher Rajshekhar Rajaharia, who had earlier tipped Business Insider about Juspay and MobiKwik data breaches, told us that the
This data could be used by hackers or malicious parties to impersonate users and transact on their behalf without the users’ knowledge.
According to Rajaharia, the Upstox data breach was executed due to a compromised Amazon Web Service (AWS) key used by the company. He says that the same AWS key vulnerability was exploited in the MobiKwik data breach as well.
Rajaharia shared a data sample with us – the sample revealed user details as reported in the breach. However, we could not verify the authenticity of the sample. The hacking group, ShinyHunter, has taken down the data for now.
Upstox is the latest in Indian companies being targeted by hackers
The Upstox data breach is the latest in a string of Indian companies being hacked – the most recent ones were MobiKwik, Juspay, ClickIndia, ChqBook, WedMeGood, among others.
However, this time around, the Upstox data breach could be a result of its own folly.
The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders
From FireEye to Twitter to Covid-19 vaccine research — these were the biggest cyber attacks of 2020
Popular on BI
- We asked ChatGPT who the greatest athlete of all time is and it did not go well for LeBron James
- OpenAI CEO Sam Altman is privately reassuring developers using the company's tech that it won't compete with them beyond ChatGPT
- The crowd at the unveiling of Apple's Vision Pro headset let out a collective groan when they found out how wildly expensive it was
- Heatwave grips India - Bihar, West Bengal, Jharkhand to record highest temperature
- Apple Arcade looks Stronger Than Ever - New & Exciting Games Announced
- What is the best date to set for your SIPs – Beginning, end, or middle of the month?
- Asus ROG Flow Z13 review – a premium gaming tablet
- Must do activities on your visit to Mahabaleshwar