It has been reported that the Indian cryptocurrency exchange Buyucoin was hacked and sensitive data of approximately 325,000 users were leaked to the dark web.
According to the reports, the leaked data include personal information, encrypted passwords, user wallet information, order information, bank information, PAN numbers, passport numbers and deposit histories.
Independent cybersecurity researcher Rajshekhar Rajaharia explained that the 6GB file in the MongoDB database contains three backup files containing Buyucoin data. Among the leaked data, the researcher also found his own information, which he used to create an account on the platform last year. “This is a serious hack because important financial, banking and KYC details were leaked to the drak web,” said Rajaharia. He stated that a number of user information was leaked on Twitter. Rajaharia said on the matter:
“DO YOU TRADE CRYPTO CURRENCY? 3.5 LAKH USER DATA INCLUDING ME WAS LEAKED FROM BUYUCOIN. LEAVED DATA NAME, E-MAIL, MOBILE PHONE, BANK ACCOUNT NUMBERS, PAN NUMBER, WALLET INFORMATION ETC. CONTAINS. AGAIN, THE AFFECTED USERS WERE NOT GIVEN COMPANY-BASED INFORMATION. ”
According to the Economic Times, Buyucoin was the latest victim of the Shinyhunters, a hacker group that leaked databases on well-known English-speaking forums for free. Israel-based darknet threat intelligence provider KELA confirmed the leak. “These logs are now floating on the dark web and can be used by other cybercriminals,” firm analyst Victoria Kivilevich said. said.
Buyucoin has made two official statements on the issue since reports of security breaches surfaced. The first was done by its CEO, Shivam Thakral:
“IN THE MIDDLE OF 2020, WHEN CONDUCTING A ROUTINE TEST WITH FAKE DATA, WE FACED A LOW-EFFECTIVE SECURITY EVENT IN WHICH ONLY 200 INPUTS WERE IMPACTED BY FAKE DATA. WE WOULD LIKE TO CLARIFY THAT EVEN A SINGLE CUSTOMER IS NOT AFFECTED DURING THE EVENT. ”
Rajaharia responded with a tweet to the exchange’s official announcement, “Such an irresponsible statement from Buyucoin. I am your registered and KYC certified user. You also leaked my data. Please change your statement as soon as possible. What if someone uses my account for any illegal activity? Please notify your users right now. ” she used her expressions. Buyucoin CEO’s message was later replaced by a different message by the exchange. Buyucoin wrote: Regarding the media report:
“WE ARE EXPLORING INTO IN-DEPTH EVERY ASPECTS OF THE REPORT ON VIOLENT AND ILLEGAL CYBER CRIME ACTIVITIES MADE BY FOREIGN ORGANIZATIONS IN THE MIDDLE 2020.”