^{April 13, 2021}
either/view ⚖️
‘Tis the season of breaches
_{To: either/view subscribers}

---

Good afternoon. If you have not watched fintech company Cred’s advertisement featuring Rahul Dravid during the ongoing Indian Premier League (IPL) matches, then you must be hiding under a rock. The ad has lit up social media, and the reason for that – it features an angry avatar of Rahul Dravid, flipping his gentleman image in real life. Apparently, he considers himself “Indiranagar ka gunda”. You can enjoy watching it here.

Upstox, one of India’s leading digital brokerage firms, has recently become an official partner for IPL. The company has also released several advertisements during the match telecasts. Many people will now know more about Upstox, but the timing of the development is unfortunate as you will see in today’s feature story.

---

📰 FEATURE STORY

Upstox data breach

Upstox is the new victim of hackers. Security researchers had flagged the Upstox data breach on Sunday, and the company has also issued a statement regarding the same.

Context

Last week, there were reports that KYC data of about 11 crore Indians had been leaked from Mobikwik’s servers by hackers (read the either/view article about the issue here). Typically, KYC data includes personal details like bank accounts, PAN, passport, Aadhaar, etc. and are mapped with users of the platform. This data can be used for spamming the affected individuals or, in worst-case scenario, can lead to financial manipulation by hackers.

The recent data breaches have been attributed to a vulnerability in the security of the company’s servers. Typically, it has to do with not securing the access keys (like username and password) to the company’s servers.

Breach details:

In a twitter post on Sunday, independent security researcher Rajshekhar Rajaharia revealed that around 25 lakh users have been affected due to the Upstox data breach. He alleged that the hackers could be ShinyHunters, a criminal hacking group known for several famous data breaches across the world.

The Upstox data leak includes details like Name, Email, PAN, Date of Birth, Bank Details, and KYC details like Passport, PAN, Cancelled Cheques and even pictures of users’ signatures.

Again Huge KYC Leak!! approx 2.5 Million @upstox Users Including 56 Million KYC files alleged leaked by ShinyHunters from UpStox Server. Data Including Name, Email, DOB, PAN, Bank Details, KYC(Passport, PAN, Cancelled Cheque, Sign Pics etc.) #infosec #GDPR #databreach pic.twitter.com/IZQIWVD0MM

— Rajshekhar Rajaharia (@rajaharia) April 11, 2021

Upstox’s response:

To be fair, Upstox had alerted its users about a possible security breach couple of hours before Rajshekhar Rajaharia’s revelations about the details.

In a statement issued on Sunday, the company claimed that they had upgraded their security systems after they had received emails which claimed that they had unauthorized access into the company’s database. The company stated that the alleged leak included some contact data and KYC details which could have been compromised from “third-party data-warehouse systems”.

“We would like to assure you that your funds and securities are protected and remain safe. Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP,” the company’s statement read.

The company also noted that this particular hack has been reported to the relevant authorities.

---

🕵️ BEYOND ECHO CHAMBERS

For the Right:

• Union Minister Nitin Gadkari may have refused any link with the Scania bus allegations, but his sons’ messages and loan to front company says otherwise.

For the Left:

• Uttar Pradesh is scripting a silent transformation through the construction of expressways.

---

🗳️ ELECTION WATCH

Assam

(126 constituencies – 3-phase polls)

• After the Congress party and All India United Democratic Front (AIUDF) had packed off their candidates in the assembly polls to Rajasthan due to fear of horse trading, ally Bodoland People Front (BPF) has also sent off its candidates to some place outside Assam. Speculation is that they may have gone abroad, possibly to Bhutan.

Kerala

(140 constituencies – 1-phase poll)

• The Election Commission is set to hold polls on April 30 to three Rajya Sabha seats, which will fall vacant on April 21. The EC had put the polls on hold due to a reference from the Union Law Ministry, but the Kerala High Court has asked the EC to conduct the polls before the term of the present legislative assembly comes to an end.

Tamil Nadu

(234 constituencies – 1-phase poll)

• In the recently concluded assembly election, more women than men voted in the state. 4,57,76,311 had voted during the election, out of which 2,31,71,736 were women, 2,26,03,156 were men, and 1,419 were others. However, in percentage terms, 72.55% women and 73.09% men had turned out to vote.

West Bengal

(294 constituencies – 8-phase polls)

• The Election Commission has imposed a 24-hour ban on campaigning on Chief Minister Mamata Banerjee, after she was found to have made some remarks against central forces and a statement which contained communal overtones. Mamata Banerjee lashed out at the EC’s decision stating that it was “unconstitutional and undemocratic”.

---

🏴 STATE OF THE STATES

Virus does not care for justice (Delhi) – 50% of the staff in Supreme Court have tested positive for COVID-19. Due to this grim situation, the apex court has decided to let all judges work from their homes and to assemble via video links.

Daydreamer’s fantasy (Punjab) – Lawyer Palwinder Kaur’s unusual petition to take action against United Kingdom’s Prince Harry for allegedly reneging on his promise to marry her was dismissed by the Punjab and Haryana High Court. The proof shown by the lawyer included some social media chat transcripts between her and someone alleged to be Prince Harry. Dismissing the petition as a “daydreamer’s fantasy”, the court added that it could only show its sympathy to the woman for believing a fake online conversation to be true.

Dead, on paper (Bihar) – The Patna Medical College and Hospital had declared Chunnu Kumar dead and informed his family to cremate his body, which was covered in black polythene. Just before the cremation ceremony, Chunnu’s wife Kavita Devi suspected that the height of the body did not match that of her husband. Based on her insistence, the face of the body was shown to the family members. It turned out to be someone else. Apparently, Chunnu Kumar was still in the hospital ward, recovering well.

---

🔢 KEY NUMBER

₹10.71 trillion – Central government’s indirect tax collection for the financial year (FY) 2020-21. Indirect tax collections include Goods and Services Tax (GST), excise duty and customs.