Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web.
The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled from the company’s server.
The breach was first disclosed by independent researcher Rajshekhar Rajaharia on April 11. It’s not immediately clear when the incident occurred.
Reacting to the development, the company, however, said it had recently upgraded its security systems following reports of “unauthorized access into our database” while stressing that users’ funds and securities remained protected.
As a precaution, besides initiating a secure password reset of users’ accounts, Upstox said it restricted access to the impacted database, implying it was a case of a misconfigured AWS server, in addition to incorporating multiple security enhancements at its third-party data warehouses and ring-fencing the network. The company refrained from specifying the exact number of client…