Sensitive data of over 1.3 million Indian banking customers also appeared on the dark Web in 2019.Įxperts often point out that data leaks are getting more common in India as the country is expanding its digital infrastructure but without proper regulations on cybersecurity. Last month, Rajaharia found personal data of seven million Indian credit and debit cardholders leaked through the dark Web. Companies including Amazon, Airtel, Flipkart, Vi ( Vodafone Idea), Swiggy, and Uber are among its key clients enabling payments for their customers.įounded in 2012, Juspay holds Payment Card Industry Data Security Standard (PCI DSS) Compliance Level 1, which is the highest level of compliance given by the PCI Security Standards Council to payment merchants.
Its products are claimed to process over four million daily transactions and its system development kits (SDKs) are available on over 100 million devices. The details available on the Juspay site show that it has a team of over 150 people that reach 50 million users daily. “An old unused domain (used for a beta testing product) was pointing to an AWS Internet Protocol (IP) which has been reclaimed by another AWS user whose server is having this content,” Kumar said. He told Gadgets 360 that he noticed a configuration issue on the company's site that is currently redirecting to malicious websites. However, Rajaharia says that the security side of Juspay is still not that sound.
Millions of IoT Devices Vulnerable to Hacking, Research Shows.The surfaced details could be combined with the contact information available in the dump by scammers to run phishing attacks on the affected cardholders. However, particular transaction or order details are not apparently a part of the leak. It included personal details of several Indian cardholders along with their card expiry dates, customer IDs, and masked card numbers with the first and last four digits of the cards fully visible. The data surfaced on the dark Web is related to online transactions that took place at least between March 2017 and August 2020, the files shared with Gadgets 360 suggest. The Bengaluru-based startup acknowledged that some of its user data had been compromised in August. It appears to have been associated with payments platform Juspay that processes transactions for Indian and global merchants including Amazon, MakeMyTrip, and Swiggy, among others. The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards.
Sensitive data of over 100 million credit and debit cardholders has been leaked on the dark Web, according to a security researcher.
0 kommentar(er)
