fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Data Breach At Buyucoin Crypto Exchange Leaks User Info, Trades

Data Breach At Buyucoin Crypto Exchange Leaks User Info, Trades

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.

Over the weekend, a threat actor known as ShinyHunters posted the link to an archive that contains the alleged database dumps for the Buyucoin cryptocurrency exchange.

Pixlr database leaked for free

ShinyHunters is a threat actor well-known for hacking into websites and selling stolen user databases in private sales or via data breach brokers. This past week, ShinyHunters posted the databases for men’s clothing store Bonobos and photo editing site Pixlr.

In the past, ShinyHunters also released the stolen databases for numerous other sites, including TokopediaHomechefDavePromoMathway, and Wattpad.

The Buyucoin archive leaked by the threat actor this week includes three different data dumps allegedly of the exchange’s MongoDB database. This archive contains three tar files named after the date the database was dumped, which was on June 1st, 2020, July 14th, 2020, and September 5th, 2020.

It is unknown if the threat actor performed these dumps on those dates or if they are backups created by Buyucoin.

These database dumps contain tables for user records, cryptocurrency trade transactions, linked bank account information, and others used internally by the exchange.

Also Read: Letter of Consent MOM: Getting the Details Right

The user records table contains the information for 161,487 members. It includes email addresses, country, bcrypt hashed passwords, mobile numbers, and Google sign-in tokens if used when registering an account at the site.

A sample user record from the database

The wealth of information and the rising value of cryptocurrency has made this an exciting data leak for other threat actors on the hacking forum, who have posted their thanks for the data.

While Buyucoin has not responded to our email about the leaked database, from the data shared with BleepingComputer, it was possible to confirm the leaked email addresses correspond to the exchange users.

Buyucoin has also provided statements to Indian media stating that they are investigating the breach.

“Regarding the recent media reports, we are thoroughly investigating each and every aspect of the report about the malicious and unlawful cybercrime activities by foreign entities in mid-2020. Every BuyUcoin user with active portfolio has 3 factor authentication enabled trading accounts. All our user’s portfolio assets are safe within a secure and encrypted environment. 95% of user’s funds are kept in cold storage which are inaccessible to any server breach,” Buyucoin said in a statement to Gadgets360.

What should Buyucoin users do now?

As some of the exposed data is confirmed as accurate, it appears to be a legitimate breach.

Even though Buyucoin states that members are protected by 2FA, it is still strongly suggested that all users change their passwords on the site out of an abundance of caution. 

If the same password at Buyucoin is used at other sites, you should also change your password at these sites to one unique for the site.

A password manager is recommended to help you manage the unique passwords you use at the different sites.

Also Read: A Look at the Risk Assessment Form Singapore Government Requires

With cryptocurrency at record prices, users should be on the lookout for targeted phishing campaigns that attempt to steal login credentials, convince you to disable MFA, or download and install malware.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us