Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News

IPL’s official partner Upstox is hacked, risking 25-30 lakh users’ data

Meet the voice behind Indo-Asian News Service (IANS), a storyteller navigating the currents of global events with precision and depth. Crafting narratives that bridge cultures, IANS brings you the pulse of the world in every word

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

Digital stockbroking firm Upstox, one of the official partners of the Indian Premier League (IPL), has admitted a data breach, saying that the financial details of its users are completely safe. However, cyber security researchers said at least 25-30 lakh users may be affected and the hacker is asking $1.2 million ransom.

According to independent security researcher Rajshekhar Rajaharia, this is the handiwork of ShinyHunters that has been involved in several hacking incidents involving top Indian companies (including Bigbasket, BuyUcoin and JusPay), and data of 25-30 lakh Upstox users and 5.6 crore KYC files may have been leaked.

Claiming that the funds and securities are protected and remain safe, the Tiger Global-backed company said in a statement that it has upgraded the security systems, based on the recommendations of a global cyber-security firm.

“We brought in the expertise of this globally renowned firm after we received emails claiming unauthorised access into our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems,” the company said in the statement.

“As a matter of abundant caution, we have also initiated a secure password reset via OTP,” the company added.

According to Rajaharia, the breached database includes bank account details, mobile numbers, pictures of users’ signature, Aadhaar, PAN and passport etc.

Ravi Kumar, Co-founder and CEO of Upstox, said the company takes security and privacy very seriously.

“While we have already reported this incident to the relevant authorities, we deeply regret any inconvenience this may have caused you,” Kumar said.

According to Sonit Jain, CEO of GajShield Infotech, in a rush to scale their business, many a times, enterprises do not focus on data security.

“Being aware of where customer data is located and protecting it, is a must for every organisation, however big or small they maybe. Data security should not be a one-time effort, enterprises need to have a real time visibility to their threat surface and data flows,” Jain said.

ShinyHunters has been involved in several data breaches recently, including allegedly leaking sensitive data of nearly 3.25 lakh users of Delhi-NCR based global cryptocurrency exchange and wallet, BuyUcoin, on the Dark Web.

The hacker has also leaked 19 lakh user records stolen from free online photo editing application Pixlr.

In November last year, one of India’s popular online grocery stores BigBasket, found that data of over 2 crore users had been hacked and were on sale on the Dark Web for over $40,000 — which is reported to be the handiwork of ShinyHunters.

The hacker is allegedly behind over 44 public leaks in 2020 and several are not yet listed. The databases he has contain information of over 125 crore people globally, including more than 20 crore Indians.


Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Power Your Business

Solutions you need to super charge your business and drive growth

More from this topic