ShinyHunters dump partial database of broker firm Upstox

ShinyHunters dump partial database of broker firm Upstox

ShinyHunters claims that they are negotiating with Upstox.


Upstox, a tech-first low-cost broking firm in India has issued an alert to inform customers about a data breach that took place between March and April 2021. The retail broking firm claims that funds and securities are safe and unaffected by the breach.


On its website, the company’s co-founder and CEO Ravi Kumar confirmed that some of the KYC (Know Your Client) data was stored in a third-party warehouse. 



“Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards.”



Upstox has restricted access to the breached database and added multiple security layers at all third-party warehouses. As of now, the company hasn’t revealed the number of customers affected by the breach.

ShinyHunters in action


The hacker behind the breach is ShinyHunters who published partial stolen data from Upstox and claimed that the reason behind dumping the data was to send a message to the company.


ShinyHunters added that Upstox did not respond to them when the company was informed about the breach.


However, since the company has admitted on Sunday that its databases had been breached, ShinyHunters has removed the download links from Raid Forums, an infamous hacker forum, and revealed that Upstox has responded and “negotiations” are in process.


What data was leaked?


Hackread.com has seen the data and it can be confirmed that it included the following information:


Names
City
State
Zipcodes
Last login date
Phone numbers
100,000 Email address ..