Infamous hacking group ShinyHunters has released 350,000 users’ data of Indian cryptocurrency exchange, BuyUCoin.
Business Insider India reports today that a 6GB volume of data from the exchange was released on the dark web, including sensitive details such as users’ full names, e-mails, phone numbers, encrypted passwords, and transaction history bank details, among others.
These data are part of the KYC requirements the exchange demands from users before they can commence their trading journey on the platform.
Rajshekhar Rajaharia, an independent cybersecurity researcher, told Business Insider India that the data was contained in a MongoDB database and is downloadable for free on the dark web.
While the exposure of users’ data such as names, e-mails, and phone numbers is not new in the industry, Rajaharia expressed concern about the implications of leaking users’ bank details.
“This is a serious hack as key financial, banking, and KYC details have been leaked on the Dark Web,” Rajaharia commented.
BuyUcoin is a cryptocurrency exchange that supports more than 50 cryptocurrencies, including BTC, Ether (ETH), Ripple (XRP).
The exchange services more than 325,000 users across India and Estonia and claims to have processed cryptocurrency trades of over $500 million since it was launched in 2016.
ShinyHunters, a group of hackers that started operations recently, has been terrorizing several Indian businesses, including Chqbook, JustPay, BigBasket, and photo editing site Pixlr.
The group’s modus operandi is to gain illegal access to these companies’ websites and download sensitive users’ data, which are published for free on the dark web. The group recently exposed 1.9 million users’ data stolen from the Pixlr platform.
Although the hacking group is fond of publishing hacked data for free, Rajaharia said the group demanded $10,000 in Bitcoin (BTC) to sell data stolen from BigBasket’s database.
Affiliate: Deposit 0.02 BTC, and get a 100% bonus to trade futures on Bexplus.
Author: Lele Jima