Online brokerage and trading platform Upstox was the latest Indian company to experience a security breach on their systems, resulting in about 2.5 million users gaining access to sensitive information on the dark web.
The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million Know Your Customer (KYC) documents retrieved from the company’s server.
The violation was first discovered on April 11 by independent researcher Rajsekhar Rajakhariya. It is not immediately known when the incident occurred.
However, in response to this development, the company said it recently updated its security systems following reports of “unauthorized access to our database,” while emphasizing that users’ funds and rights remain protected.
As a precaution, in addition to initiating secure password resets for user accounts, Upstox stated that it restricts access to the vulnerable database, implying that this was a case of a misconfigured AWS server, in addition to incorporating several security enhancements into its third-party data stores. and block the network. The company refrained from specifying the exact amount of receivables that might have been disclosed.
News of the Upstox security breach emerged weeks after India-based digital wallet service MobiKwik dealt with a major security incident after 8.2 terabytes (TB) of data belonging to its millions of users began to spread on cybercrime forums.
Other Indian companies such as Byju’s BigBasket, Dunzo, Edureka, Paytm Mall and WhiteHat Jr have also reported data breaches in recent months.