Millions of Upstox Data Leak; Stock Broking Firm Cyber Attack

Upstox is one of the leading stock broking firms in India. It ranks second after Zerodha, in terms of active users. The firm is connected with 2.5 million clients, and it is expected that their data has been leaked online. This could be the biggest KYC leak in the country.

The firm has already informed its clients about the data breach and assured that their funds are safe and secure. The company is backed by many renowned names including Ratan N Tata and Tiger Global.

Know the story:

The digital attackers named “ShinyHunters” have accessed the Upstox server and leaked around 56 million client's data. The said group is known for its ransomware attacks.

Moreover, the leaked data includes Name, DOB, Email, PAN, Bank details, etc. The hackers also have access to their KYC documents such as passport, cancelled cheque, signature etc.

Discussing on the reasons, Mr. Rajshekhar Rajaharia - cyber security researcher claimed the improper configuration of Upstox Amazon AWS S3 bucket. Moreover, this is a common reason which resulted in many data breach in the past.

Positively, the stock broker firm has come up with a response stating that they have upgraded their security systems as per suggested by an international global cyber-security organization.

As per sources, it is found that initially the hacking group leaked around 1 lakh data on the dark web and contacted the firm on 31st March, 2021. In addition, the group has demanded 1.2 million dollars as ransom.

Ravi Kumar, CEO, Upstox reported:

"We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access to our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems."

"We would like to assure you that your funds and securities are protected and remain safe. Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP."

Found this helpful?

Keep following ISOEH news for latest cyber security updates. We are one of the reputed cyber security institutes in India, and developing professionals to fight against the digital attackers.

Share the news with your loved ones, and help them to create a secure digital environment.