India’s leading stock broker Upstox suffered a major breach that allowed hackers to steal contact information and KYC details of over 25 lakh users. These details were put upon the dark web for sale.
The company states that it received various emails that claimed access into their database which compromised user details like Name, Email, DOB, PAN, Bank Details, KYC (Passport, PAN, Cancelled Cheque, soft copies of users’ signature etc.) from a data warehouse located at a third-party facility.
The company has alerted its users about the incident and has stated that there was no financial impact of the breach and the shares and funds etc. of its customers are safe and intact. Upstox has also announced that following the breach, the company has enhanced the security system on its servers.
We have upgraded our security systems in light of recent events around unauthorized database access. Read more: https://t.co/1axNC83CG6April 11, 2021
In an official statement, Upstox’s CEO not only assured users about the safety of users’ accounts but has also stated that the company is further “amping up our industry-class bug bounty program to encourage ethical hackers to stress test our systems and protocols and help us identify any vulnerabilities from time to time.”
Talking about the recent Facebook leak that compromised the personally identifiable data of over 553 million users across the globe. The interlopers were able to scrape details like Name, account ID, e-mail ID and phone numbers associated with the account.
Interestingly, Facebook is in no mood to alert users about the data breach and wants the users to do the research on their own. However, in case you want to know if your data was compromised, you can follow the process listed here or here. That said, even though Facebook says that the data was scraped in 2019 before the required fix was introduced, the leaked data included the personal details of Facebook’s senior executives including Mark Zuckerberg.
What should users do to secure their Upstox account ?
According to researchers, the breach could’ve been a result of improper security parameters implemented on their data hosting servers. The information compromised as a result of these attacks can be used to run phishing attacks, account takeovers, KYC frauds, impersonation etc.
Hence, the researchers suggest that users should remain watchful of their account and should change their passwords immediately. Users should also keep an eye on the OTPs that they receive on their phones. These OTPs should not be shared with anyone and the service provider should be informed immediately if you receive OTPs when you’ve not requested any.