Upstox suffers a security breach, resulting in the exposure of 2.5 million users’ sensitive information online from unsecured AWS S3 Bucket.
The exposed details include names, email addresses, dates of birth, bank account information, and KYC documents from the company’s server.
Security researcher Rajshekhar Rajaharia disclosed the breach first on April 11th, it was not sure when the breach occurred.
Reacting to the story, Upstox said that “we have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access into our database.”
Also the company added that “hese claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems.”
The company confirmed that customers’ funds are safe and “can only be moved to your linked bank accounts”.
It is recommended to have a strong and unique passwords and carefully watch out for OTP request.
The Upstox breach followed by India-based digital wallet service MobiKwik that exposes 120 million users, 3 million merchants, and 300+ billers.