Crypto exchange denies hackers stole 6GB worth of user data
Cybersecurity experts in India believe an attack on cryptocurrency exchange BuyUcoin was carried out by a group linked to other high-profile breaches — but BuyUCoin disagrees.
An independent researcher recently found 6GB worth of stolen data related to all 350,000 of BuyUCoin’s customers on the dark web, including email addresses, passwords, phone and passport numbers, bank details, and deposit histories.
However, a BuyUCoin statement posted to its Substack on Thursday tells a different story.
BuyUCoin CEO Shivam Thakral claims hackers stole no user data. Instead, cybersecurity experts are allegedly confusing the recent heist with an incident in mid-2020 involving “dummy data.”
“BuyUcoin rejects alleged information in some media reports that the data of 3.5 lakh [350,000] customers was compromised,” wrote Thakral.
“We would like to reiterate the fact that only dummy data of 200 entries were impacted which was immediately recovered and secured by our automated security systems.”
The thing is, the database full of BuyUCoin customer data was corroborated by local firms Kela Research and Strategy Ltd, who previously disclosed leaks by a hacking collective known as ShinyHunters.
According to the firms, ShinyHunters also released data stolen from prominent Indian companies including Clickindia and Bigbasket — as well as online photography platform Pixlr.
Noteworthy too is that BuyUCoin’s alleged hacker didn’t demand ransoms to keep the data off the dark web, instead choosing to dump the databases online for free.
Still, one expert warned SiliconANGLE that hackers can easily weaponize the data for themselves, so BuyUCoin users should be prepared.
[Read more: Ryuk’s Bitcoin ransoms end up on Binance and Huobi, report]
“It doesn’t take much for bad actors to cross-reference the compromised data with previously breached records and create accurate profiles of the breach victims,” they said.
In August last year, a security flaw in Juspay saw details of thousands of digital payments leaked online, and in October hackers infiltrated the personal website of Indian prime minister Narendra Modi.