{ "id": "3318de2b-c723-420b-a547-c70cc740a8ff", "created_at": "2026-04-06T00:08:17.122999Z", "updated_at": "2026-04-10T03:34:59.563575Z", "deleted_at": null, "sha1_hash": "c5a367337e89bbe5539d720bc5843c38fbf2da24", "title": "ShinyHunters dump partial database of broker firm Upstox", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 58771, "plain_text": "ShinyHunters dump partial database of broker firm Upstox\r\nPublished: 2021-04-12 · Archived: 2026-04-05 15:06:38 UTC\r\nShinyHunters claims Upstox is negotiating with them.\r\nUpstox, a tech-first low-cost broking firm in India has issued an alert to inform customers about a data breach that\r\ntook place between March and April 2021. The retail broking firm claims that funds and securities are safe and\r\nunaffected by the breach.\r\nSEE: Online trading broker FBS exposes 20TB of data, 16 billion records\r\nOn its website, the company’s co-founder and CEO Ravi Kumar confirmed that some of the KYC (Know Your\r\nClient) data was stored in a third-party warehouse. \r\n“Funds can only be moved to your linked bank accounts and your securities are held with the relevant\r\ndepositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP.\r\nThrough this time, we have also strongly fortified our systems to the highest standards.”\r\nUpstox has restricted access to the breached database and added multiple security layers at all third-party\r\nwarehouses. As of now, the company hasn’t revealed the number of customers affected by the breach.\r\nShinyHunters in action\r\nThe hacker behind the breach is ShinyHunters who published partial stolen data from Upstox and claimed that the\r\nreason behind dumping the data was to send a message to the company.\r\nShinyHunters added that Upstox did not respond to them when the company was informed about the breach.\r\nHowever, since the company has admitted on Sunday that its databases had been breached, ShinyHunters has\r\nremoved the download links from Raid Forums, an infamous hacker forum, and revealed that Upstox has\r\nresponded and “negotiations” are in process.\r\nWhat data was leaked?\r\nHackread.com has seen the data and it can be confirmed that it included the following information:\r\nNames\r\nCity\r\nState\r\nZipcodes\r\nLast login date\r\nPhone numbers\r\n100,000 Email addresses\r\nhttps://www.hackread.com/shinyhunters-broker-firm-upstox-database-leak/\r\nPage 1 of 2\n\nHashed passwords\r\nDate of birth\r\nBank Details\r\nDevice used by a user\r\nDate of account creation\r\nKYC (Passport, PAN, Cancelled Cheque, Sign Pics.)\r\nSample data\r\nInvestigation Underway\r\nUpstox states that after learning about unauthorized access to their database, they appointed a reputed international\r\ncybersecurity firm to investigate the reasons behind the breach. They also acknowledged that hackers had posted a\r\nsample of the company’s data online.\r\nMoreover, Upton has now enabled 24×7 real-time monitoring and added ring-fencing to its network.\r\nDiscover more\r\nElectronics\r\nComputer Security\r\nEmail \u0026 Messaging\r\nStock Broking Firms The New Target of Hackers\r\nCybercriminals seem to be running out of options and opportunities, given the advancement in security solutions.\r\nPerhaps that’s why they have set their eyes on stockbroking firms after targeting e-commerce sites and other\r\nlucrative platforms.\r\nSEE: Hackers leak Airtel India user data, Aadhaar numbers\r\nCompanies that fail to adopt high-tech and stringent security measures fall prey to the hackers’ malicious tactics.\r\nThe same seems to be the case with Upstox, India’s second-largest discount brokerage firm, as per the number of\r\nactive clients. The company boasts over 3 million users and is backed by mainstream Indian investors like Ratan\r\nTata.\r\nDid you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.\r\nSource: https://www.hackread.com/shinyhunters-broker-firm-upstox-database-leak/\r\nhttps://www.hackread.com/shinyhunters-broker-firm-upstox-database-leak/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.hackread.com/shinyhunters-broker-firm-upstox-database-leak/" ], "report_names": [ "shinyhunters-broker-firm-upstox-database-leak" ], "threat_actors": [ { "id": "c071c8cd-f854-4bad-b28f-0c59346ec348", "created_at": "2023-11-08T02:00:07.132524Z", "updated_at": "2026-04-10T02:00:03.422366Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "MISPGALAXY:ShinyHunters", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2", "created_at": "2025-10-24T02:04:50.086223Z", "updated_at": "2026-04-10T02:00:03.770068Z", "deleted_at": null, "main_name": "GOLD CRYSTAL", "aliases": [ "Scattered LAPSUS$ Hunters", "ShinyCorp", "ShinyHunters" ], "source_name": "Secureworks:GOLD CRYSTAL", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null }, { "id": "d8dff631-87b0-4320-8352-becff28dbcf1", "created_at": "2022-10-25T16:07:24.565038Z", "updated_at": "2026-04-10T02:00:05.034516Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "ETDA:ShinyHunters", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434097, "ts_updated_at": 1775792099, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c5a367337e89bbe5539d720bc5843c38fbf2da24.pdf", "text": "https://archive.orkl.eu/c5a367337e89bbe5539d720bc5843c38fbf2da24.txt", "img": "https://archive.orkl.eu/c5a367337e89bbe5539d720bc5843c38fbf2da24.jpg" } }