A risk actor has leaked the stolen database for Indian cryptocurrency alternate Buyucoin on a hacking discussion board without cost.
Over the weekend, a risk actor referred to as ShinyHunters posted the hyperlink to an archive that incorporates the alleged database dumps for the Buyucoin cryptocurrency alternate.
ShinyHunters is a risk actor well-known for hacking into web sites and promoting stolen consumer databases in personal gross sales or through information breach brokers. This previous week, ShinyHunters posted the databases for males’s clothes retailer Bonobos and picture modifying web site Pixlr.
Previously, ShinyHunters additionally launched the stolen databases for quite a few different websites, together with Tokopedia, Homechef, Dave, Promo, Mathway, and Wattpad.
The Buyucoin archive leaked by the risk actor this week contains three completely different information dumps allegedly of the alternate’s MongoDB database. This archive incorporates three tar recordsdata named after the date the database was dumped, which was on June 1st, 2020, July 14th, 2020, and September fifth, 2020.
It’s unknown if the risk actor carried out these dumps on these dates or if they’re backups created by Buyucoin.
These database dumps comprise tables for consumer data, cryptocurrency commerce transactions, linked checking account data, and others used internally by the alternate.
The consumer data desk incorporates the knowledge for 161,487 members. It contains e-mail addresses, nation, bcrypt hashed passwords, cell numbers, and Google sign-in tokens if used when registering an account on the web site.
The wealth of knowledge and the rising worth of cryptocurrency has made this an thrilling information leak for different risk actors on the hacking discussion board, who’ve posted their thanks for the information.
Whereas Buyucoin has not responded to our e-mail concerning the leaked database, from the information shared with BleepingComputer, it was potential to substantiate the leaked e-mail addresses correspond to the alternate customers.
Buyucoin has additionally supplied statements to Indian media stating that they’re investigating the breach.
“Concerning the latest media reviews, we’re completely investigating every side of the report concerning the malicious and illegal cybercrime actions by international entities in mid-2020. Each BuyUcoin consumer with lively portfolio has 3 issue authentication enabled buying and selling accounts. All our consumer’s portfolio property are protected inside a safe and encrypted setting. 95% of consumer’s funds are stored in chilly storage that are inaccessible to any server breach,” Buyucoin stated in an announcement to Gadgets360.
What ought to Buyucoin customers do now?
As a few of the uncovered information is confirmed as correct, it seems to be a reliable breach.
Despite the fact that Buyucoin states that members are protected by 2FA, it’s nonetheless strongly advised that each one customers change their passwords on the positioning out of an abundance of warning.
If the identical password at Buyucoin is used at different websites, you also needs to change your password at these websites to at least one distinctive for the positioning.
A password supervisor is advisable that will help you handle the distinctive passwords you utilize on the completely different websites.
With cryptocurrency at report costs, customers ought to be looking out for focused phishing campaigns that try to steal login credentials, persuade you to disable MFA, or obtain and set up malware.
