Upstox joins the spree of tech companies that have leaked their customer details due to a data breach. The Indian stockbroking firm has released an announcement this evening describing a possible data breach and suggested measures to secure user accounts. It claims to have tightened its infrastructure after being recommended by a cybersecurity firm.

Upstox Data Breach Leaking Customersโ€™ PII

Upstox is the second-largest Indian stockbroking firm in terms of active clients. Earlier today, an independent security researcher named Rajasekhar Rajaharia has pointed out a data breach relating to Upstox, that has leaked the sensitive information of 2.5 million customers online.

Rajaharia has earlier disclosed a data breach at MobiKwik and now shared that a ransomware group called ShinyHunters breached the Upstox server, and leaked over 56 million KYC of their customers. The leaked data include customersโ€™ Names, Email, DOB, PAN, Bank Details, and KYC information like their Passport, PAN, Cancelled Cheque, Sign Pics, etc.

He also revealed the reason to be the improper configuration of Upstoxโ€™s Amazon AWS S3 bucket, which has been the reason for many data leaks in past. Soon, Upstox has come up with an official statement saying that they have upgraded their โ€œsecurity systems manifold recently, on the recommendations of a global cyber-security firm.โ€

This is after the company has โ€œreceived emails claiming unauthorized access into our (Upstox) database.โ€ Disclosing that โ€œsome contact data and KYC details may have been compromised from third-party data-warehouse systems,โ€ Upstox assured that no funds or securities from usersโ€™ accounts were impacted.

Further, it has initiated a secure password reset via OTP as a โ€œmatter of abundant caution,โ€ and suggested users the following methods to remain secure;

  • Always use unique strong passwords (multi-case, alphanumeric, no name fragments) and different from older versions
  • Never share OTPs with anyone
  • Watch out for OTPs you may not have requested and alert the service provider in such events
  • Beware of online fraud and double-check the legitimacy of links and senders.

LEAVE A REPLY

Please enter your comment!
Please enter your name here