Drumming their name to everyone, ShinyHunters have shared the links to an archived dump of stolen databases belonging to an Indian cryptocurrency exchange called Buyucoin. The dump includes PII of more than 160K users of the exchange, including Google sign-in tokens, hashed passwords, and bank details.
Buyucoin Stolen Database Leaked
ShinyHunters, the infamous group known for backing websites and leaking their databases has now shown up with a new dump of BuyUcoin. The group has earlier leaked databases of Wattpad, Teespring, MeetMindful, ProctorU, Mathway, and many others for free! Now, it’s up for a new one.
According to Gadgets360, ShinyHunters has shared a link to an archive, that has three database dumps belonging to an Indian cryptocurrency exchange called BuyUcoin. The three dumps were dated as of June 1st, 2020, July 14th, 2020, and September 5th, 2020. It’s unknown whether the group has hacked them on those dates or just the Buyucoin’s back-up time-frames.
Checking them, the first database contained PII of 161,487 users, including their email addresses, passwords based with bcrypt protocol, phone numbers, country location, and Google sign-in tokens if users registered using Google sign-in method. Some of them have been verified by BleepingComputer and resulted to be true.
Besides these, the rest databases contain users’ connected banking details and their cryptocurrency trading transactions. And when asked by Gadgets360, Buyucoin replied as “Regarding the recent media reports, we are thoroughly investigating each and every aspect of the report about the malicious and unlawful cybercrime activities by foreign entities in mid-2020.”
Further, “Every BuyUcoin user with active portfolio has 3-factor authentication enabled trading accounts. All our user’s portfolio assets are safe within a secure and encrypted environment. 95% of user’s funds are kept in cold storage which is inaccessible to any server breach.” Yet, it’s suggested that all users should change their passwords for better security.