BuyUcoin, an Indian cryptocurrency exchange is reportedly hacked leading to a breach of nearly 325K users’ data on the dark web. The reported breach has leaked sensitive personal information of customers that include e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers), and deposit history.
— IANS Tweets (@ians_india) January 21, 2021
An independent cyber researcher revealed that the hackers got their hands on a 6GB file on the MongoDB database that included three backup files from BuyUcoin. The independent researcher called it a critical breach and said,
This is a serious hack as key financial, banking and KYC details have been leaked on the Dark Web,
Hacking Group Behind Exchange Hack a Known Offender
Kela Research and Strategy Ltd another cybersecurity firm tracked the stolen data to a forum that also contained stolen info from Wongnai Media Co Ltd, Tuned Global Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com.
The researcher believes the hacker group behind the breach is the infamous ShinyHunters group who in the past have been found leaking stolen data throughout the summer.
The research platform said,
“Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world. We have seen collaborators of Shiny Hunters selling and leaking other dumps in the recent months.”
The hacker group in question was previously linked to the leak of 1.9 million personal records associated with is free online Photograph platform Pixlr. The crypto exchange is yet to make any official comment on the breach.
BuyUcoin was not the first exchange to see a breach of data as many centralized exchanges have similar breaches in the past, most notably the Binance KYC data breach.
However, in most cases, the hackers behind the breach ask for a ransom to not leak the stolen data which is not the case in BuyUcoin.
The breach also raises questions over how these centralized exchanges manage the sensitive personal info of the users.