Juspay Data Breach: Sensitive Information of Over 10 Crore Debit, Credit Cardholders Leaked on Dark Web
Private data of over 10 Crore credit and debit cardholders have been leaked on the dark web, as per a security researcher. According to reports, the sensitive information has been leaked from a faulty serve of Juspay, a mobile payments company. This included the names, phone numbers, and email addresses of the cardholders as well as the first and last digits of cards.
New Delhi, January 4: Private data of over 10 Crore credit and debit cardholders have been leaked on the dark web, as per a security researcher. According to reports, the sensitive information has been leaked from a faulty serve of Juspay, a mobile payments company for the transaction that took place during March 2017 to August 2020 . This included the names, phone numbers, and email addresses of the cardholders as well as the first and last digits of cards. What is Dark Web? How to Access It and Is It Legal? Know The Difference Between Deep Web and Dark Web.
According to reports, cybersecurity researcher Rajshekhar Rajaria discovered the data leak from Juspay's server over week ago. He told the leaked data was available on the dark web for sale for an undisclosed amount. “The hacker was contacting buyers on Telegram and was asking for payments in Bitcoin,” Rajaharia told India Today. Bigbasket Faces Potential Data Breach; Details of 2 Crore Users Put on Sale on Dark Web.
According to Gadgets 360, the data that was leaked on the dark web contained information related to debit and credit card transactions that took place between March 2017 and August 2020. Juspay that processes payments for companies including Amazon.in, MakeMyTrip, and Swiggy, among others, has acknowledged a data breach on its platform.
“On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised. Some data records containing non-anonymised, plain-text email and phone numbers were compromised, which form a fraction of the 10 Crore data records,” Juspay founder Vimal Kumar told Gadgets 360.
“The masked card data (non-sensitive data used for display) that was leaked has two crore records. Our card vault is in a different PCI compliant system and it was never accessed. We do hundreds of rounds of hashing with multiple algorithms and also have a salt (another number appended to the card number). The algorithms that we use are currently not possible to reverse engineer even given enough compute resources,” he added.
(The above story first appeared on LatestLY on Jan 04, 2021 11:57 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).