Company calls in experts and tightens security amid reports of data warehouse leak

Indian stock trading site Upstox has reset user passwords and launched an investigation in response to user reports of a security breach.

In a statement, Upstox said it had upgraded the security of its systems and brought in external security consultants after receiving “emails claiming unauthorized access into [its] database”.

These messages suggested “contact data and KYC [Know your Customer] details may have been compromised from third-party data warehouse systems”.

KYC details typically include proof of names and addresses such as driving license or passport scans given to financial service suppliers as a measure to guard against money laundering.

Funds are ‘safe’

Upstox said despite the breach its users’ funds and securities are safe. “Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories,” it added.

As a precaution, Upstox has initiated a secure password reset via OTP [one time password]. In addition, Upstox has restricted access to the impacted databases and set up monitoring among other security enhancements.

“As a cutting-edge technology platform, we are further [r]amping up our industry-class bug bounty program to encourage ethical hackers to stress test our systems and protocols and help us identify any vulnerabilities from time to time,” Upstox added.

Upstox said that it had reported the incident to regulators.


Read more of the latest data breach news


The Daily Swig asked Upstox to confirm that it had verified that a security breach had happened as well as clarifying how many records may have been affected. No word back as yet, but we’ll update this story as and when more information comes to hand.


YOU MAY ALSO LIKE Facebook ‘knew about phone number data leak vulnerability two years before issue was fixed’, claims security researcher