Data Breach — Indian discount broker — Upstox
Hackers exposes Indian customer information including Aadhaar , PAN and bank account numbers of customers of upstox.com
- Who : Upstox (upstox.com) is the second largest discount broking stock trading platform head quartered in New Delhi,India
- How big : We do not know the exact quantum of the data breach, but it is estimated to be around 2.5 million of its customers.
Very sensitive customer information like Aadhaar (Social Security number), PAN( Income Tax Number ) and bank account numbers, mobile numbers email addresses and even photographs of the customer signatures. (according to the security researcher Rajshekhar Rajaharia )
- How do we know about it : Upstox reported that they received emails claiming unauthorized access into their databases.
The breach was reported by a cyber security researcher Rajshekhar Rajaharia on his twitter handle
- What was the exploit : Through a compromised AWS key used by the company.
Response
Upstox reset all the password of its users in reponse to the reported data breach. [3]
Implications :
Upstox has reported no loss or pilferage of customer funds.
However, the severity of the data breach is high enough to enable bad elements to impersonate any of the customer profiles with detailed PII available from the data breach.
Upstox has issued an official announcement regarding the same — [2]
Links
Hackers hit India’s №2 broker Upstox
[2] Announcement from Upstox on security measures
