Upstox warns of serious data breach, resets passwords

Upstox warns of serious data breach, resets passwords




Indian stock trading firm Upstox has revealed to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers’ personal information.


According to a statement posted by Upstox on its website, it became aware that criminals may have compromised its databases after receiving emails from the suspected hackers.


Customers’ names, contact information, date of birth, bank account information, and millions of KYC (Know Your Customer) details are believed to have been stolen by the ShinyHunters gang after they gained access to the company’s Amazon AWS key.


A breach of KYC data is particularly serious – because it can contain scans of ID cards, passports, photo ID, and other documents that help prove an individual’s address such as utility bills.


Such information helps financial organisations determine the true identity of a customer, and fight money laundering and the funding of terrorism, but if they fall into the wrong hands can be abused by identity thieves and scammers.




Sign up to our newsletterSecurity news, advice, and tips.

Security researcher Rajshekhar Rajaharia told Medianama that the ShinyHunters gang were seeking a ransom payment from Upstox for the stolen data.


In response to the suspected breach, Upstox’s co-founder and CEO Ravi Kumar reassured customers that their funds remain safe, and said the company was strengthening its security:



“We would like to assure you that your funds and securities are protected and remain safe. Funds ca ..

Support the originator by clicking the read the rest link below.