Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web.
The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled from the company’s server.
The breach was first disclosed by independent researcher Rajshekhar Rajaharia on April 11. It’s not immediately clear when the incident occurred.
Reacting to the development, the company, however, said it had recently upgraded its security systems following reports of “unauthorized access into our database” while stressing that users’ funds and securities remained protected.
As a precaution, besides initiating a secure password reset of users’ accounts, Upstox said it restricted access to the impacted database, implying it was a case of a misconfigured AWS server, in addition to incorporating multiple security enhancements at its third-party data warehouses and ring-fencing the network. The company refrained from specifying the exact number of client accounts that may have been exposed.
News of Upstox’s security breach comes weeks after an India-based digital wallet service MobiKwik dealt with a major security incident after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on cybercrime forums.
Other Indian companies such as BigBasket, Dunzo, Edureka, Paytm Mall, and Byju’s-owned WhiteHat Jr too have reported data breaches in recent months.