Upstox Reports Security Breach Into Its Database

On Sunday, Upstox, an Indian broking company known as the second-larges by active customers, announced that it may have suffered a security breach in its database, which includes contact information and KYC.

In a statement released on the company website, Upstox said, “On receipt of e-mails claiming unauthorized access into our database, we have appointed a cyber-security firm to investigate possibilities of a breach.”

“These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems,” it noted.

Upstox Reports Security Breach

Ravi Kumar, co-founder, and CEO of Upstox has also reassured that customers’ funds and securities are safe and protected.

He said, “Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories.”

“As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards,” he added.

On the advice of an international cyber-security company, the retail brokerage firm recently updated its security infrastructure significantly in response to an alleged hacking.

Upstox stated that it has automatically blocked access to the affected server. It has also installed several security improvements at all third-party data warehouses. Besides, it has ring-fenced the network and set up real-time 24×7 surveillance.

The company has increased its bug bounty scheme to allow ethical hackers to stress-test its infrastructures and procedures on a regular basis and assist it in identifying any bugs.

Upstox did not disclose the number of customer accounts that may have been compromised. The company has over three million users and is funded by investors such as Tiger Global and Ratan Tata.

International hacker networks have recently increased their cyberattacks on Indian start-ups and unicorns, attracted by the enormous market values being reported.

Start-ups usually outsource non-core operations to many of the service providers, including cloud computing services for both trading engines and storage systems, according to network security analysts.

Hackers take advantage of flaws in the several interconnect points between the main networks and subsidiary service providers.

Industry sources claim that such attacks are becoming more common throughout industries. In the e-commerce and financial services sectors, there has been a spike in the number of data breaches at technology and digital media firms.

Mobikwik, Zomato, WhiteHat Jr, BigBasket, Dunzo, Freshmenu, Just-Dial, and Paytm Mall, are among the companies that have recently announced data breaches.