Aditya Birla Capital app hacked, digital gold of 435 users sold

Over the last few years, digital transactions—whether it's payments or shopping, banking, and even investing—have gained massive traction. However, the threat of cybersecurity is always lurking in the background. A case has been registered with the Central Cyber Police in Mumbai after someone hacked into Aditya Birla Capital's app and sold digital gold purchased by as many as 435 customers. The total loss to the company is estimated to be ₹1.95 crore, according to the complaint.

 

The financial services company, which is part of the Aditya Birla Group, launched its direct-to-consumer platform ABCD (Aditya Birla Capital Digital) in April 2024. A financial super app of sorts, the platform enables users to pay bills, make online recharges, make UPI payments, invest in mutual funds, and purchase loans and insurance, among other things. One could also buy digital gold and silver.

 

Users can register with their mobile phone number on the platform and buy 24k gold, with 999per cent purity, digitally. One can start from just Rs 10, according to the company's website. Like many other players, ABCD also purchases gold from government-approved MMTC-PAMP, and the gold purchased by customers is stored in secured vaults by the partner. Customers can sell the digital gold through the platform, too, but the transaction would have to be approved via an OTP sent to their mobile number.

 

According to company officials, the matter came to light when customers started calling the helpline to say that they hadn't authorised any such selling of digital gold from their account. The FIR notes that the company's technical team found out that an unknown person had hacked the application programming interface, changed the normal process of the app, sold digital gold from customers' accounts and transferred the funds into his various bank accounts.

 

"I received an email on June 9 from one of our call centre employees that a few customers had been calling the call centre complaining that their digital gold was sold without their authorisation and that they had received messages informing about it from MMTC-PAMP. I informed our technology cell, and they immediately stopped the digital gold service," according to the complaint registered by Ravindra Choudhary, the company's head of fraud risk management.

 

An investigation by ABCD's information security team revealed that on June 9, the digital gold of 435 customers was sold online without their authorisation, in turn causing a loss of ₹1.95 crore to the company.

 

According to company officials, the digital gold holdings of the affected customers were restored soon after and corrective action was taken to freeze transfers across multiple bank accounts. The officials add that the technical vulnerabilities related to the hack have been resolved. The company is working with cyber insurance partners, law enforcement officials and the Indian Computer Emergency Response Team (CERT-in) in the matter.

 

A case has been registered under Sections 318(4) and 319(2) (cheating and cheating by personation) of the Bharatiya Nyaya Sanhita, as well as various sections of the Information Technology Act. Investigations are ongoing, and no arrests have been made in the case yet.

 

While people may not stop transacting digitally, the case once again shows why one should stay vigilant.

Business