Upstox Data Breach Leaking Customers’ PII
Upstox is the second-largest Indian stockbroking firm in terms of active clients. Earlier today, an independent security researcher named Rajasekhar Rajaharia has pointed out a data breach relating to Upstox, that has leaked the sensitive information of 2.5 million customers online. Rajaharia has earlier disclosed a data breach at MobiKwik and now shared that a ransomware group called ShinyHunters breached the Upstox server, and leaked over 56 million KYC of their customers. The leaked data include customers’ Names, Email, DOB, PAN, Bank Details, and KYC information like their Passport, PAN, Cancelled Cheque, Sign Pics, etc.
— Rajshekhar Rajaharia (@rajaharia) April 11, 2021 This is after the company has “received emails claiming unauthorized access into our (Upstox) database.” Disclosing that “some contact data and KYC details may have been compromised from third-party data-warehouse systems,” Upstox assured that no funds or securities from users’ accounts were impacted. Further, it has initiated a secure password reset via OTP as a “matter of abundant caution,” and suggested users the following methods to remain secure;
Always use unique strong passwords (multi-case, alphanumeric, no name fragments) and different from older versions Never share OTPs with anyone Watch out for OTPs you may not have requested and alert the service provider in such events Beware of online fraud and double-check the legitimacy of links and senders.