What happened?

According to the reports, Upstox, a stockbroker in India has been hit by a cyberattack. This attack is being considered as a big cyberattack considering the stature of the company. Data which is said to be stolen comprises of 25 million users[i.e. 2.5 crore users]. Hackers, have put up the sample of the data stolen on the dark web.

Which data of users are said to be compromised?

The following below are data that was leaked in the attack:

  • Name
  • Mobile number
  • Address
  • Pan number
  • Aadhar number
  • uploaded signature photos
  • Other kyc documents if uploaded.

Upstox said, the securities and fund of customers are safe and they have enhanced their server securities now. The firm also said, “Leading cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems.”

Ravi Kumar, Co-founder & CEO of Upstox, wrote a blog statement on their website, “We take your security and privacy very seriously. While we have already reported this incident to the relevant authorities, we deeply regret any inconvenience this may have caused you.

What steps has Upstox taken in the light of such incident?

Kumar, said in his blog, “Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP.

The following steps have been taken by Upstox to make sure their systems are secured with highest standards:

  • Immediately restricted access to the impacted database
  • Added multiple security enhancements at all third party data-warehouses
  • Setup real-time 24×7 monitoring
  • Additionally ring-fenced the network

Upstox has also initiated multiple security enhancements with real time 24×7 monitoring.

Have an account on the platform? worried whether your account was compromised? What steps you can take to ensure your security?

Follow the steps to ensure maximum security of your account:

  • Use a strong combination of characters, numbers, special symbols as a password. make sure the password doesn’t contain any words that can be guessed like your D.O.B or name.
  • Make sure to properly use the OTP that has been sent to you by the company. when used, discarding the OTP from your messages is considered a good practice.
  • Be cautious, if you receive any kind of suspicious messages or phone calls asking for personal information, Banking details, account information or OTP etc.
  • Be aware of URL’s which you receive in the messages. these links can be malicious in nature and could be used to infect your device to steal your critical personal and financial information stored in it.

If you think your account has been compromised then follow these steps below:

  • Change your login credentials that you have been using[ follow the 1st step mentioned in the previous list above]. Also make sure to keep a habit of changing your passwords in every 3-6 months for maintaining a good cyber hygiene.
  • Contact the support of the platform via mail, chat or toll free support and tell them about your issue. They might be able to help you out with all the other problems like suspicious logins/transactions etc.

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savy, Nature lover, Bullet 350 rider

Have some thoughts? why not share with us here.