The info leaked embody names, e-mails, cell numbers, encrypted passwords, person pockets particulars, order particulars, financial institution particulars, KYC particulars (PAN quantity, passport numbers) and deposit historical past.
In line with impartial cyber safety researcher Rajshekhar Rajaharia, the 6GB file on MongoDB database comprises three backup information containing BuyUcoin information.
“This can be a critical hack as key monetary, banking and KYC particulars have been leaked on the Darkish Internet,” Rajaharia advised IANS and shared some screenshots of the leaked information.
Researchers at cyber safety agency Kela Analysis and Technique Ltd first found the stolen information, linked on the identical discussion board, from Wongnai Media Co Ltd, Tuned International Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which seems the handiwork of notorious hacking group ShinyHunters.
“Over this previous summer season, ShinyHunters was seen publishing leaked information without spending a dime, exposing hundreds of thousands of non-public data from everywhere in the world,” Victoria Kivilevich, risk intelligence analyst at Kela Analysis, advised SiliconANGLE.
“We’ve got seen collaborators of Shiny Hunters promoting and leaking different dumps within the current months.”
BuyUcoin was but to react to the report.
ShinyHunters has additionally leaked 1.9 million person data stolen from free on-line photograph modifying utility Pixlr.
In line with Rajaharia, the hacker is similar who earlier leaked BigBasket and JusPay information in India.
In November final yr, one among India’s fashionable on-line grocery shops BigBasket discovered that its information of over 20 million customers had been hacked and had been on sale on the darkish net for over $40,000.
“Now, the identical hacker group is asking about $10,000 in Bitcoin for the BigBasket database and can be promoting the three firms’ databases,” Rajaharia stated.
“There’s a robust connection between all these current information leaks, together with BigBasket,” he added.
Earlier this month, Bengaluru-based digital funds gateway JusPay stated that about 3.5 crore data with masked card information and card fingerprint had been compromised by the hacker.
Rajaharia additionally disclosed that three Indian firms — e-marketplace ClickIndia, fintech startup for small enterprise homeowners ChqBook and wedding ceremony planning web site WedMeGood — had been additionally hacked presumably by the identical hacker.
“Practically 80 lakh customers of ClickIndia (title, electronic mail, cell and different private particulars), 10 lakh customers of ChqBook (title, electronic mail, cell, full deal with and different private particulars) and 13 lakh customers of WedMeGood (title, electronic mail, hashed password, different delicate private info),” Rajaharia had revealed.