The info leaked embody names, e-mails, cellular numbers, encrypted passwords, consumer pockets particulars, order particulars, financial institution particulars, KYC particulars (PAN quantity, passport numbers) and deposit historical past.
In response to impartial cyber safety researcher Rajshekhar Rajaharia, the 6GB file on MongoDB database accommodates three backup information containing BuyUcoin knowledge.
“This can be a critical hack as key monetary, banking and KYC particulars have been leaked on the Darkish Internet,” Rajaharia informed IANS and shared some screenshots of the leaked knowledge.
Researchers at cyber safety agency Kela Analysis and Technique Ltd first found the stolen knowledge, linked on the identical discussion board, from Wongnai Media Co Ltd, Tuned International Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which seems the handiwork of notorious hacking group ShinyHunters.
“Over this previous summer season, ShinyHunters was seen publishing leaked knowledge without cost, exposing tens of millions of non-public data from everywhere in the world,” Victoria Kivilevich, risk intelligence analyst at Kela Analysis, informed SiliconANGLE.
“We’ve got seen collaborators of Shiny Hunters promoting and leaking different dumps within the latest months.”
BuyUcoin was but to react to the report.
ShinyHunters has additionally leaked 1.9 million consumer data stolen from free on-line photograph modifying utility Pixlr.
In response to Rajaharia, the hacker is identical who earlier leaked BigBasket and JusPay knowledge in India.
In November final yr, considered one of India’s well-liked on-line grocery shops BigBasket discovered that its knowledge of over 20 million customers had been hacked and had been on sale on the darkish net for over $40,000.
“Now, the identical hacker group is asking about $10,000 in Bitcoin for the BigBasket database and can also be promoting the three firms’ databases,” Rajaharia mentioned.
“There’s a sturdy connection between all these latest knowledge leaks, together with BigBasket,” he added.
Earlier this month, Bengaluru-based digital funds gateway JusPay mentioned that about 3.5 crore data with masked card knowledge and card fingerprint had been compromised by the hacker.
Rajaharia additionally disclosed that three Indian firms — e-marketplace ClickIndia, fintech startup for small enterprise homeowners ChqBook and marriage ceremony planning web site WedMeGood — had been additionally hacked presumably by the identical hacker.
“Almost 80 lakh customers of ClickIndia (title, electronic mail, cellular and different private particulars), 10 lakh customers of ChqBook (title, electronic mail, cellular, full deal with and different private particulars) and 13 lakh customers of WedMeGood (title, electronic mail, hashed password, different delicate private info),” Rajaharia had revealed.