In the past few days, tech companies and giants are facing data breaches and their users’ data is all over the black web, endangering people’s essential skills.
And now there’s one of the popular platforms, which is considered the second-largest stock broker in India has suffered a massive data breach that has bared some important credentials like PAN, Aadhaar, and bank account numbers, apart from basic personal data like names and contact numbers.
It is a discount stock brokerage company based in Delhi that allows its users to buy and sell shares online without any other work. The Indian company is supported by investor Tiger Global and Ratan N Tata currently has more than 1 million active customers.
Meanwhile, Upstox said through its website while responding to the reports of the data breach- “We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We drew on the expertise of this world-renowned company after receiving emails claiming unauthorized access to our database.”
The company also stated that despite the data breach, the funds and stocks of its customers are safe, and there is no need to worry. This is for two reasons – funds in your Upstox account can only be withdrawn to the linked bank account, and the shares are held with the depositories – either Central Depositories Services India Ltd (CDSL) or National Securities Depository Ltd (NSDL) – and not with Upstox.
Now with that, the Security researcher Rajshekhar Rajaharia said, who had earlier tipped business insider about Juspay and Mobikwik data leaks, clearly reports that with the Upstox data breach it includes more crucial data which involves account details and other documents, and even the signatures or photos of the prospects.
The hacked data can be used by the unauthorized hacker forum for the wrong means, malicious acts, and to mock users, and even transact money on behalf of them without the users’ awareness.
The researcher said that the main reason behind the Upstox data breach could be a compromised Amazon web service key (AWS) used by the company earlier. He said the same thing was seen in the Mobikwik data breach, as the AWS key vulnerability was exploited this time too. To validate his claim, he also shared a sample of data with the relevant sources, exposing user IDs, but no one could verify the authenticity of the shared data.
Note: This news is based on millions of articles over the internet, Global Business Line does not take any responsibility for the facts and information mentioned in this news article.