Hi Guys,

Please see below the details of two massive data breaches. Have you ever used any of these services?

Upstox – 111,002 breached accounts
In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information, and passwords stored as bcrypt hashes. Extensive “know your customer” information was also exposed including scans of bank statements, cheques, and identity documents complete with Aadhaar numbers. The data was provided to Incognito by HIBP via a source who requested it be attributed to “[email protected]

Open Subtitles – 6,783,158 breached accounts
In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers’ personal data including email and IP addresses, usernames, the country of the user, and passwords stored as unsalted MD5 hashes.

Please take the following actions if you have ever used one of these services:

  • Change your password and make sure your new password is at least 10 characters long and contains an upper case, lower case, number and a symbol. You can even use a modified phrase or a line from a song if that helps you remember.
  • Make sure you do not use the same password twice as this leaves you vulnerable to credential stuffing.
  • Find a good password manager tool to help you remember all of your passwords. Some of our users say that 1Password is a good tool.
  • Check out Incognito’s Email Hack Check tool. All you have to do is enter your email address and we will tell you instantly if it has been involved in one of the many data breaches that happen every day.

Please let me know if you need any help in relation to this.

All the best,
Max Roberts,
Incognito Privacy Care Team