The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders
- Information of over 100 million debit and credit card users has been leaked online from payments processor
- The leak includes users' names, contact information and information related to their debit and credit cards.
- Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip and several other companies.
- Cybersecurity researcher Rajshekhar Rajaharia who first spotted the breach has said that it could become a lot more serious if hackers figure out the encryption algorithm.
In what could be a major data breach, information of over 100 million debit and credit card users from payments processor Juspay has leaked on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip among others.
The leaked data is in the form of a data dump and has been leaked through a compromised server of Juspay. Juspay has confirmed the data leak in its official blog post, outlining the details of the breach.
“It pains us to inform you that a data breach did happen on 18th August 2020. Non-sensitive masked card information, mobile numbers and email ids of a subset of our users were compromised,” the company said.
Cybersecurity researcher Rajshekhar Rajaharia discovered the data breach. He found that the data dump was available for sale on the dark web.
Speaking to Business Insider, Rajaharia noted that this data breach could be a lot more serious if the hackers figure out the encryption algorithm used to hash card numbers.
Here’s what was leaked in the
As per Juspay, the leaked information includes non-sensitive masked card information, mobile numbers and email IDs of a subset of users. The company has said that the leaked information does not include full card numbers, order information, card PIN or password.
The data on the dark web includes information such as the bank that has issued the card, card expiry date, the last four digits of the card, masked card number, card type and the user’s name, among other details.
Should you be worried?
Rajaharia pointed out that there could be a major risk to users if the algorithm used to hash card numbers is leaked or if the hackers figure it out on their own.
A hash is a fixed-length string computed from a piece of data by a one-way function; the same input always produces the same hash. In this case, Juspay has hashed the 16-digit debit and credit card numbers in order to process transactions.
If hackers can figure out the algorithm used to generate these hashes, they could use brute force and find out what the original card numbers are.
Juspay has masked only six digits out of sixteen-digit card numbers. Rajaharia says that while this is good, the safety of users rests primarily on the hashing algorithm.
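To put a number on why masking six digits leaves so much resting on the hash, the following added example (not from the article or from Juspay) counts how many valid card numbers fit a masked number and contrasts a plain hash with a keyed one. The sample number, the assumption that the first six and last four digits are visible, and the use of SHA-256 and HMAC-SHA-256 are all illustrative; the article does not say which algorithm Juspay used.

```python
import hashlib
import hmac
import math

# Constructed sample: a well-known test number with six digits hidden ('X').
MASKED = "411111XXXXXX1111"

def luhn_value(digit: int, pos_from_right: int) -> int:
    """Contribution of one digit to the Luhn checksum of a card number."""
    if pos_from_right % 2 == 1:       # every second digit from the right is doubled
        digit *= 2
        if digit > 9:
            digit -= 9
    return digit

def candidate_count(masked: str) -> int:
    """Number of Luhn-valid card numbers consistent with a masked number."""
    ways = [1] + [0] * 9              # ways[r]: partial fills with checksum r mod 10
    for pos, ch in enumerate(reversed(masked)):
        options = range(10) if ch == "X" else [int(ch)]
        nxt = [0] * 10
        for r, n in enumerate(ways):
            for d in options:
                nxt[(r + luhn_value(d, pos)) % 10] += n
        ways = nxt
    return ways[0]                    # valid numbers have checksum 0 mod 10

def guess_bits(masked: str) -> float:
    """Guessing work, in bits, left to anyone able to recompute the hash."""
    return math.log2(candidate_count(masked))

def unkeyed_fingerprint(pan: str) -> str:
    """Weak design: anyone who learns the algorithm can recompute this value."""
    return hashlib.sha256(pan.encode()).hexdigest()

def keyed_fingerprint(pan: str, key: bytes) -> str:
    """Hardened design: recomputing also needs a secret key kept outside the database."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(candidate_count(MASKED), "candidates,",
          round(guess_bits(MASKED), 1), "bits of guessing work")
```

The checksum built into card numbers cuts the one million possible fills to 100,000, so an unkeyed hash adds under 17 bits of protection, while a keyed fingerprint is only as weak as the secrecy of its key.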
Scammers could also exploit this data leak
In addition to the risks mentioned above, Rajaharia also pointed out that scammers could exploit this data leak to dupe cardholders. Since the leak includes mobile numbers, they could call unsuspecting cardholders and trick them into revealing the full card numbers, PIN, CVV as well as one-time passwords.
Rajaharia also pointed out that since these users are paying customers, they are a lot more valuable than non-paying customers. This makes the
According to him, the seller he is in touch with has demanded $8,000 in Bitcoin to purchase the data.