Breach at Indian exchange BuyUCoin reportedly exposes the personal data of 325K users

Indian BuyUCoin crypto exchange users have reportedly affected by a breach involving more than 325,000 individuals’ personal data.

A hacking group named ShinyHunters leaked a database containing the names, phone numbers, email addresses, tax identification numbers and bank account details of more than 325,000 users of BuyUCoin, according to a report from the Indian news outlet Inc42. A later report from Bleeping Computer, however, shows. That the leaked data may only contain information from 161,487 members of BuyUCoin.

Cybersecurity researcher Rajshekhar Rajaharia posted screenshots to Twitter last week. Which included trading activity and BuyUCoin referral codes, of the leaked data, recorded until September 2020.

BuyUCoin claimed that “not even a single customer was affected”

Initially, BuyUCoin claimed that “not even a single customer was affected” by the data breach and referred to the reports as “rumours,” but since then released a statement saying that it was “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities.” The exchange added that all user funds were “safe and sound within a secure environment”.

Although no funds were reportedly affected by the exchange breach, there are still potential risks to users of BuyUCoin. Like the customers of the exchange, Ledger users had their personal data compromised in a data breach in June and July 2020. That affected 272,853 individuals who ordered hardware wallets. Since then, some users reported receiving threatening emails. With requests paid within 24 hours for a crypto ransom or they will face “horrifying” consequences.

Although real-world crypto-stealing attacks are much rarer than hacks or scams, they do happen. Some BuyUCoin users expressed their frustration with the reports of the breach. Whether they were concerned about their data or their physical well-being.

What if anybody used my account for any illegal activity?” said Rajaharia in a follow-up tweet, also a BuyUCoin user, calling the initial reaction of the exchange “irresponsible.”