ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Upstox Data Breach

upstox.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 111,002
Breach date 08 Apr 2021
Added to tracker 19 Jan 2022
Data classes 13

What happened

In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes. Extensive "know your customer" information was also exposed including scans of bank statements, cheques and identity documents complete with Aadhaar numbers.

Exposed data

Bank account numbers Dates of birth Email addresses Family members' names Genders Government issued IDs Income levels Marital statuses Nationalities Occupations Passwords Phone numbers Physical addresses

Recommended actions

  • Change your Upstox password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Upstox — attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP