Users of the Indian crypto exchange BuyUCoin have reportedly been affected by a breach that puts the personal information of more than 325,000 people at risk.
According to a report by Indian news agency Inc42, a hacking group called ShinyHunters leaked a database of names, phone numbers, email addresses, tax identification numbers and bank account details of more than 325,000 BuyUCoin users. However, a later report by Bleeping Computer shows that the leaked data may only include information from 161,487 BuyUCoin members.
Cybersecurity researcher Rajshekhar Rajaharia posted screenshots of the leaked data recorded through September 2020 on Twitter last week, including trading activity and BuyUCoin referral codes.
Trading #cryptocurrency? 3.5 Lakh user data including me leaked from @buyucoin. The leaked data included name, email, mobile phone, bank account numbers, PAN number, wallet details, etc. Again, the affected users were not informed by the company.
Story – https://t.co/rUrfSQ96Z1#InfoSec pic.twitter.com/1xFOtLcd8F
– Rajshekhar Rajaharia (@rajaharia) January 21, 2021
BuyUCoin initially claimed that “not even a single customer was affected by the data breach”, calling the reports “rumors”, but has since issued a statement stating “to thoroughly investigate every aspect of the report for malicious and unlawful means” Cybercrime by foreign companies. The exchange added that all user funds are “safe and sound in a secure environment” as 95% is kept in the cold store.
Although no funds were reportedly affected by the exchange breach, BuyUCoin users still face potential risks. As with the exchange’s customers, Ledger users’ personal information was compromised in a data breach in June and July 2020 that affected 272,853 people who ordered hardware wallets. Some users have since reported receiving threatening emails demanding payment of a crypto ransom within 24 hours, or facing “dire” consequences.
While real-world attacks to steal crypto are much less common than hacks or scams, they do happen. Whether some BuyUCoin users were concerned about their data or their physical well-being, they expressed frustration with the reports of the breach.
“What if someone used my account for illegal activity?” said Rajaharia – also a BuyUCoin user – in a follow-up tweet and called the exchange’s first response “irresponsible”.
Cointelegraph reached out to Shivam Thakral, CEO of BuyUCoin for comment, but received no response at the time of publication.