Breach at Indian exchange BuyUCoin allegedly exposes 325K users’ personal data

Published at: Jan. 24, 2021

Users of Indian crypto exchange BuyUCoin have reportedly been affected by a breach compromising personal data of more than 325,000 people.

According to a report from Indian news outlet Inc42, a hacking group by the name of ShinyHunters leaked a database containing the names, phone numbers, email addresses, tax identification numbers and bank account details of more than 325,000 BuyUCoin users. However, a later report from Bleeping Computer shows the leaked data may only contain information from 161,487 BuyUCoin members.

Last week, cybersecurity researcher Rajshekhar Rajaharia posted to Twitter screenshots of the leaked data, recorded until September 2020, which included trading activity and BuyUCoin referral codes.

Trading in #cryptocurrency? 3.5 Lakh Users data including me leaked From @buyucoin. The leaked data contains Name, Email, Mobile, bank account numbers, PAN Number, Wallets Details etc. Again didn't informed to affected users by company. Story - https://t.co/rUrfSQ96Z1 #InfoSec pic.twitter.com/1xFOtLcd8F

— Rajshekhar Rajaharia (@rajaharia) January 21, 2021

BuyUCoin initially claimed that “not even a single customer was affected” by the data breach and referred to the reports as “rumors,” but has since released a statement saying it was “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities.” The exchange added that all user funds were “safe and sound within a secure environment” as it reported 95% were kept in cold storage.

Though no funds have reportedly been affected in the breach of the exchange, there are still potential risks to BuyUCoin users. Like the exchange’s customers, Ledger users had their personal data compromised in a June and July 2020 data breach affecting 272,853 people who ordered hardware wallets. Some users have since reported receiving threatening emails with demands for a crypto ransom to be paid within 24 hours or they will face “horrifying” consequences.

While real-world attacks to steal crypto are much rarer than hacks or scams, they do occur. Whether concerned for their data or their physical well-being, some BuyUCoin users expressed their frustration with the reports of the breach.

“What if someone used my account in any illegal activity?” said Rajaharia — also a BuyUCoin user — in a follow-up tweet, calling the exchange's initial response “irresponsible.”

Cointelegraph reached out to BuyUCoin CEO Shivam Thakral for comment, but did not receive a response at the time of publication.
