Indian exchange BuyUCoin was hacked, and the official denied that its user information was leaked

Users of Indian cryptocurrency exchange BuyUCoin have reportedly been hacked, with the personal data of more than 325,000 users leaked.
According to Indian news outlet Inc42, a hacker group called ShinyHunters leaked a database containing the names, phone numbers, email addresses, taxpayer identification numbers, and bank account information of more than 325,000 BuyUCoin users. However, a subsequent report from Bleeping Computer suggests that information on only 161,487 BuyUCoin users may have been compromised.
Cybersecurity researcher Rajshekhar Rajaharia posted screenshots of the leaked data on Twitter last week, which date back to September 2020. The screenshots showed data including trading activity and the BuyUCoin referral identification code.
Trading in Cryptocurrency? Data of 350,000 BuyUCoin users including me has been leaked. The leaked data includes name, email, mobile number, bank account number, PAN number, wallet details etc. BuyuCoin has once again failed to notify the affected users.
— Rajshekhar Rajaharia (@rajaharia) January 21, 2021
BuyUCoin initially claimed that “not even a single user was affected by the data breach” and called the reports “rumors”, but has since released a statement saying it is “fully investigating all aspects of reported malicious and illegal cybercriminal activity by foreign entities.” The exchange added that all user funds are “safe and sound in a secure environment” as it reports 95% of funds are in cold storage.
While no funds were reportedly affected in the hack, BuyUCoin users are still potentially at risk. Like the exchange’s users, Ledger users’ personal data was also compromised in June and July 2020, affecting 272,853 users who had ordered hardware wallets. Some users reportedly said they received threatening emails demanding a ransom in cryptocurrency within 24 hours or they would face “dire” consequences.
While real-world attacks to steal cryptocurrency are much less common than hacks or scams, they do happen. Whether worried about their data or concerned about their physical health, some BuyUCoin users expressed dismay at reports of the breach.
“What if someone uses my account for any illegal activity?” BuyUCoin user Rajaharia said in a follow-up tweet, calling the exchange’s initial response “irresponsible.”
The media contacted BuyUCoin CEO Shivam Thakral for comment, but did not receive a response as of the time of publication. (Cointelegraph)