M1xchange, India's leading RBI-approved TReDS (Trade Receivables Discounting System) platform, has reportedly been targeted by the extortion group World Leaks, which claimed the breach on its dark-web leak site on June 9, 2026On June 9, 2026, the leak post references the victim M1xchange, an Indian technology platform that operates under the Reserve Bank of India's TReDS framework to facilitate trade receivables discounting for micro, small, and medium enterprises.
World Leaks is a rebrand of Hunters International, which shifted its model from file encryption to pure data-theft extortion in early 2025World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus from file encryption to solely stealing sensitive data and threatening to leak it unless a ransom is paid. The group has previously targeted major firms, including a breach of one of Dell's demonstration platformsA newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom.
M1xchange, operated by Mynd Solutions and founded in 2015, enables MSMEs to auction unpaid invoices to multiple financiers for immediate, collateral-free liquidityThe core role of M1xchange is to facilitate the discounting of trade receivables, including invoices and Bills of Exchange. It allows MSMEs to auction their invoices to multiple financiers (Banks/NBFCs) to get immediate liquidity at the lowest possible interest rates. Given the platform connects MSME suppliers, corporate buyers, and financiers, any data exposure carries significant downstream risk across India's MSME financing ecosystem.
Importantly, this remains an unverified claim posted on the attackers' leak site — security researchers monitoring it note: "No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed"NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security by monitoring services, and no official confirmation from M1xchange has been reported yet.
Users connected to the platform—corporate buyers, suppliers, and financiers—are advised to monitor official communications, reset credentials with MFA enabled, and alert internal security teams to watch for unusual account activity pending further clarity.
As per the spokesperson from M1xchange ,they categorically denies any data breach or data leak from its operating platform or core systems. M1xchange conducted a detailed internal review and has also engaged an independent third-party cybersecurity firm to assess the matter. The review till date has found no evidence of unauthorized access to M1xchange's systems or any breach of customer or platform data.
Our review indicates that the incident has arisen from the compromise of credentials of a single machine. The associated information was historical in nature and did not contain current operational data or indicate any compromise of M1xchange's systems, infrastructure, or customer-facing platform. Protecting the security and confidentiality of stakeholder information remains a top priority for M1xchange. We maintain robust security controls, processes, and monitoring in line with industry best practices.
We remain committed to transparency, the highest standards of information security, and preserving the trust placed in us by our customers, financiers, corporates, and ecosystem partners. We urge stakeholders to rely on verified information and official communications from M1xchange, rather than on unfounded allegations."
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.




