Trading App Upstox Data Breach Exposed Contact Data

Data Breach At Trading App Upstox Exposed Customer Data

In a statement, trading app Upstox has alerted customers of a security breach that exposed their contact data and know-your-customer details (KYC) details. Upstox spokesperson said that they don’t know with certainty the number of customers whose data had leaked, but confirmed the leak took place since a portion of data was published on the dark web.

Upstox is an Indian fintech company that offers innovative investment options and provides securities brokerage and stock trading services. Upstox has over three million users and is backed by investors like Tiger Global and Ratan Tata. 

The fintech firm assured its customers that their funds and securities are safe. 

“Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards,” Upstox co-founder and CEO Ravi Kumar said in an announcement on the company website. 

This breach comes closely after reports of massive data leaks at Facebook, LinkedIn, and MobiKwik.

Upstox has involved a third-party company to help with the investigation:

“On receipt of e-mails claiming unauthorised access into our database, we have appointed a leading international cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems. This morning, hackers put up a sample of our data on the dark web,” a company spokesperson said in an e-mailed statement.

As a proactive measure, the company has implemented security measures at the third-party warehouses, real-time 24×7 monitoring, and additional ring-fencing of its network. 

“As a matter of abundant caution, we have also initiated a secure password reset via OTP for all Upstox users. Upstox takes customer security extremely seriously. Funds and securities of all Upstox customers are protected and remain safe. We have also duly reported this incident to the relevant authorities,” the company’s spokesperson said.

The company said it also expanded its bug bounty program to encourage ethical hackers to stress-test its systems to help it identify vulnerabilities early. 

The company reminded customers to always use unique strong passwords and to beware of online fraud.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.