Cyber Incident Victim: BuyUCoin
Date: Sep 2020
Location: India
Summary
A security breach at Indian cryptocurrency exchange BuyUCoin exposed sensitive user data through an unsecured MongoDB database, later leaked by the ShinyHunters hacking group. The compromised information included bank account details, email addresses, bcrypt-hashed passwords, mobile numbers, and Google sign-in tokens, potentially enabling fraud against affected investors. While the company initially described a limited 200-entry dummy data incident, researchers confirmed the authenticity of the full leak containing customer records. The exchange launched an investigation into the breach and announced plans for a cybersecurity overhaul amid conflicting statements about the incident's scope.
Description
In January 2021, reports emerged that Indian cryptocurrency exchange BuyUCoin suffered a security breach exposing sensitive data of hundreds of thousands of users. The incident originated when threat actors accessed an unsecured MongoDB database containing 6GB of customer records, which was subsequently leaked on the dark web by the ShinyHunters hacking group. The compromised data included bank account details, email addresses, bcrypt-hashed passwords, mobile phone numbers, and Google sign-in tokens. Security researcher Rajshekhar Rajaharia and other customers verified the breach's authenticity by identifying their personal information in the leaked dataset. Screenshots suggested unauthorized access to the database may have occurred as recently as September 2020, though BuyUCoin initially described a mid-2020 "low impact security incident" involving only 200 dummy test records. The exposure created significant fraud risks for affected cryptocurrency investors, as criminals could exploit the financial and authentication details for scams.

BuyUCoin issued contradictory statements regarding the breach's scope and impact. CEO Shivam Thakral initially claimed no real customer data was compromised during what he characterized as a limited testing incident. This statement was later replaced with a blog post acknowledging investigations into "malicious and unlawful cybercrime activities by foreign entities in mid-2020." The company committed to updating users on investigation findings and announced plans for a major cybersecurity platform overhaul throughout 2021. However, the conflicting accounts undermined confidence in the exchange's transparency, particularly given evidence confirming extensive real-user data exposure. The breach highlighted systemic security failures, as MongoDB databases without password protection had previously caused incidents affecting organizations like Verizon and BeautifulPeople. No specific containment measures or post-breach customer protections were detailed in available statements beyond the promised security upgrades.
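The root cause named above, a MongoDB instance reachable without authentication, is something an operator can audit before deployment. The following is an added example, not code from BuyUCoin or from MongoDB: it checks a mongod.conf for the two settings whose absence leaves a database open to anyone who can reach the port (security.authorization and net.bindIp). The sample configurations are constructed for illustration; the parser is a minimal one written for this check, not a full YAML implementation.

```python
# Added example (not BuyUCoin's or MongoDB's own code): audit a mongod.conf for
# an unauthenticated, non-loopback listener. Sample configs are constructed.
from typing import Dict, List


def parse_two_level(conf: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the 'section:\\n  key: value' layout of mongod.conf.
    Comments are dropped; only the two-level keys this audit needs are kept."""
    tree: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if indent == 0:
            section = key
            tree.setdefault(section, {})
        elif section is not None:
            tree[section][key] = value.strip()
    return tree


def audit_mongod_conf(conf: str) -> List[str]:
    """Return a list of findings; an empty list means both checks pass."""
    tree = parse_two_level(conf)
    findings: List[str] = []
    if tree.get("security", {}).get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': "
                        "any client that reaches the port can read every collection")
    net = tree.get("net", {})
    bind_ip = net.get("bindIp", "")
    ips = {ip.strip() for ip in bind_ip.split(",") if ip.strip()}
    if net.get("bindIpAll") == "true" or "0.0.0.0" in ips or "::" in ips:
        findings.append(f"net.bindIp={bind_ip or 'all'}: listener is exposed on "
                        "non-loopback interfaces; restrict it or put it behind a firewall")
    return findings


# Constructed sample configs, not taken from the incident.
WEAK_CONF = """net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from every interface
storage:
  dbPath: /var/lib/mongodb
"""
HARDENED_CONF = """net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""
```

Running audit_mongod_conf on WEAK_CONF reports both findings; on HARDENED_CONF it reports none.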
