Security News > 2021 > January > Data breach at Buyucoin crypto exchange leaks user info, trades

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.

Over the weekend, a threat actor known as ShinyHunters posted the link to an archive that contains the alleged database dumps for the Buyucoin cryptocurrency exchange.

ShinyHunters is a threat actor well-known for hacking into websites and selling stolen user databases in private sales or via data breach brokers.

In the past, ShinyHunters also released the stolen databases for numerous other sites, including Tokopedia, Homechef, Dave, Promo, Mathway, and Wattpad. The Buyucoin archive leaked by the threat actor this week includes three different data dumps allegedly of the exchange's MongoDB database.

While Buyucoin has not responded to our email about the leaked database, from the data shared with BleepingComputer, it was possible to confirm the leaked email addresses correspond to the exchange users.

"Regarding the recent media reports, we are thoroughly investigating each and every aspect of the report about the malicious and unlawful cybercrime activities by foreign entities in mid-2020. Every BuyUcoin user with active portfolio has 3 factor authentication enabled trading accounts. All our user's portfolio assets are safe within a secure and encrypted environment. 95% of user's funds are kept in cold storage which are inaccessible to any server breach," Buyucoin said in a statement to Gadgets360.

News URL

https://www.bleepingcomputer.com/news/security/data-breach-at-buyucoin-crypto-exchange-leaks-user-info-trades/