Cyber Crime
War Of Words Over BuyUCoin Data Leak of 3.5 Lakh Users
New Delhi: A private cyber security researcher and an Indian crypto exchange are at loggerheads over its alleged leaked data of 3.5 lakh users. Delhi-based crypto exchange BuyUcoin has denied any leak, whereas independent cyber expert Rajshekhar Rajaharia presented his own details which were part of the leak.
According to Rajaharia, he has found sensitive data of nearly 3.25 lakh users of BuyUCoin – India-based global cryptocurrency exchange and wallet. The data which is suspected to be leaked by an international group of hackers – ShinyHunters has been leaked on the Dark Web. ShinyHunters are also believed to be behind exposing data of 2 crore BigBasket users and now 1.6 million user data of free photo editing app Pixlr.
Rajaharia told The420.in that the leaked data contains sensitive information such as users’ bank account numbers, IFSC codes, and the type of bank accounts and is contained in a MongoDB dump, which is a popular database for modern apps.
BuyUCoin was quick to shoot down Rajaharia’s claim by terming the data breach as a rumour. The company in its official statement said , “We would like to clarify that not even a single customer was affected during the incident.”
The company’s CEO Shivam Thakral in the statement also said, “We would like to reiterate the fact that only dummy data of 200 entries were impacted which was immediately recovered and secured by our automated security systems.”
But the company has gone mum after Rajaharia said he was a verified customer of BuyUCoin and shared a screenshot where his sensitive information could be seen. “The hacker posted BuyUcoin data on the web publicly. Unfortunately, I am also a user of BuyUcoin, and I found my bank and KYC details in the leaked data dump. This is a very irresponsible statement from the company. What if a bad actor would use any of the leaked user accounts in any illegal crypto activity? Who will be responsible in such case?” Rajaharia told The420.in.
He added that crypto data leak may become a very serious issue as the data could be used in illegal activities in many ways. It’s the company’s responsibility to inform affected users and protect data instead of making any false claims.
Meanwhile official of BuyUcoin maintains that all the transactions on our platform take place in a highly encrypted environment. The company collects sensitive information and banking details as part of KYC and to be able to trade in cryptocurrencies. The platform supports more than 50 leading cryptocurrencies, including Bitcoin, Ethereum and Ripple.
The leaked data dump allegedly has data till September 2020. Leaking of sensitive and personal information make customers vulnerable to large-scale phishing attacks. The year 2020 exposed how Indian companies are vulnerable to sophisticated cyber-attacks with companies ranging from FMCG to pharma giants falling victim to digital crimes. However, strict compliance and harsher punishment for such leaks are yet to be seen.