ShellCodeX Breach Report
Upstox Data Breach
upstox.com
Verified breach
Passwords exposed
Accounts exposed
111,002
Breach date
08 Apr 2021
Added to tracker
19 Jan 2022
Data classes
13
What happened
In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes. Extensive "know your customer" information was also exposed including scans of bank statements, cheques and identity documents complete with Aadhaar numbers.
Exposed data
Bank account numbers
Dates of birth
Email addresses
Family members' names
Genders
Government issued IDs
Income levels
Marital statuses
Nationalities
Occupations
Passwords
Phone numbers
Physical addresses
Recommended actions
- Change your Upstox password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Upstox — attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP