NEC Corporation

Upstox suffers a security breach, resulting in the exposure of 2.5 million users’ sensitive information online from unsecured AWS S3 Bucket.

The exposed details include names, email addresses, dates of birth, bank account information, and KYC documents from the company’s server.

Security researcher Rajshekhar Rajaharia disclosed the breach first on April 11th, it was not sure when the breach occurred.

Reacting to the story, Upstox said that “we have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access into our database.”

Also the company added that “hese claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems.”

The company confirmed that customers’ funds are safe and “can only be moved to your linked bank accounts”.

It is recommended to have a strong and unique passwords and carefully watch out for OTP request.

The Upstox breach followed by India-based digital wallet service MobiKwik that exposes 120 million users, 3 million merchants, and 300+ billers.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.