A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.
Leaked data includes names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.
The researcher Rajshekhar Rajaharia analyzed the leaked data, it is a MongoDB database of 6GB that contains three backup files with BuyUcoin data.
The data was discovered by at threat intelligence firm Kela Research, it was leaked by a well-known threat actor known as ShinyHunters.
BuyUcoin has yet to confirm the security incident, it only announced the launch of an investigation.
Since data appeared on the dark web, Buyucoin has released two official statements on the incident.
“In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘low impact security incident’ in which non-sensitive, dummy data of only 200 entries were impacted. We would like to clarify that not even a single customer was affected during the incident.” wrote Shivam Thakral, the company CEO.
Rajaharia was disappointed with the official statement and published the following tweet:
Then Buyucoin CEO published the following statement:
“We are thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities in mid-2020.”
“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia added.
“There is a strong connection between all these recent data leaks, including BigBasket.”
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, data breach)