Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web.
The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled from the company’s server.
Company reacted “unauthorized access into our database” while stressing that users’ funds and securities remained protected.
As a precaution, besides initiating a secure password reset of users’ accounts, Upstox said it restricted access to the impacted database, implying it was a case of a misconfigured AWS server, in addition to incorporating multiple security enhancements at its third-party data warehouses and ring-fencing the network.
News of Upstox’s security breach comes weeks after an India-based digital wallet service MobiKwik dealt with a major security incident after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on cybercrime forums.