Discount broker Upstox suffers data breach – Aadhaar, PAN and bank account numbers leaked
- Upstox, the second largest stock broker in India, has suffered a massive data breach.
- This breach has exposed user data like Aadhaar, PAN, bank account numbers and more.
Upstoxdid not comment on the data leak, it said it has upgraded its security systems ‘manifold’ on the recommendations of a global cyber-security firm.
View all Offers
View all Offers
SleepX Ortho Plus Quilted 6 inch King Bed Size, Firm Memory Foam Mattress (Purple, 78x72x6 )₹ 11739₹ 23832Buy On
Amazon Brand - Solimo Trance High Back Mesh Contemporary Office Chair (Black)₹ 6799₹ 13500Buy On
- 33% OFF
Duroflex LiveIn - Pressure Relieving, Memory Foam, Roll Pack, 6 Inch Queen Size Medium Firm Mattress with Superior Comfort and Anti Microbial Fabric (78 X 60 X 6 Inches)₹ 10859₹ 17999Buy On
- 65% OFF
Amazon Brand - Solimo XXXL Bean Bag Filled With Beans (Black and Brown)₹ 1899₹ 6000Buy On
- 53% OFF
Ebee Store Multipurpose Table (Matt Finish, Wenge)₹ 1889₹ 4000Buy On
Popular discount broker Upstox has suffered a massive data breach that has exposed some important data like Aadhaar, PAN and bank account numbers, apart from other personally identifiable information like mobile numbers and email addresses.
Upstox is a Delhi-based discount stock broker that allows its customers to buy and sell shares. It is backed by Tiger Global and has over 1 million customers.
“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database,” Upstox said on its website, reacting to reports of the data breach.
The company said that despite the data breach, the funds and shares of its customers are safe. This is for two reasons – funds in your Upstox account can only be withdrawn to the linked bank account, and the shares are held with the depositories – either Central Depositories Services India Ltd (CDSL) or National Securities Depository Ltd (NSDL) – and not with Upstox.
With that being said, Upstox users have other things to be worried about. Security researcher Rajshekhar Rajaharia, who had earlier tipped Business Insider about Juspay and MobiKwik data breaches, told us that the
This data could be used by hackers or malicious parties to impersonate users and transact on their behalf without the users’ knowledge.
According to Rajaharia, the Upstox data breach was executed due to a compromised Amazon Web Service (AWS) key used by the company. He says that the same AWS key vulnerability was exploited in the MobiKwik data breach as well.
Rajaharia shared a data sample with us – the sample revealed user details as reported in the breach. However, we could not verify the authenticity of the sample. The hacking group, ShinyHunter, has taken down the data for now.
Upstox is the latest in Indian companies being targeted by hackers
The Upstox data breach is the latest in a string of Indian companies being hacked – the most recent ones were MobiKwik, Juspay, ClickIndia, ChqBook, WedMeGood, among others.
However, this time around, the Upstox data breach could be a result of its own folly.
The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders
From FireEye to Twitter to Covid-19 vaccine research — these were the biggest cyber attacks of 2020
Popular on BI
- Ethereum may not have too long to get its high gas fee issue in check, according to JPMorgan
- Terra's LUNA token continues to hold its own even in a crypto bear market — here's why
- SEBI is hiring young graduate professionals for a monthly stipend of ₹60,000, last date is January 25
- HUL spent Rs 1,193 crore on advertising between October and December 2021
- Rohit Sharma, Rishabh Pant and Ravichandran Ashwin included in ICC Men's Test team of the Year 2021