33 C
Wednesday, January 20, 2021
Home Business 3 more Indian firms HACKED! 1.13 crore customers' data at threat, researcher...

3 more Indian firms HACKED! 1.13 crore customers’ data at threat, researcher says

Image Source : AP/FILE

3 more Indian firms HACKED! 1.13 crore customers’ data at threat, researcher says

After hacking masked credit score and debit card data of crores of Juspay customers, the identical hacker presumably referred to as ‘ShinyHunters’ is now promoting databases belonging to 3 more Indian corporations on Dark Web, unbiased cybersecurity researcher Rajshekhar Rajaharia claimed on Wednesday.

According to Rajaharia who first broke the JusPay hacking, the three Indian corporations are e-marketplace Click onIndia, fintech startup for small enterprise homeowners ChqBook and marriage ceremony planning web site WedMeGood.

“Nearly 80 lakh users of ClickIndia (name, email, mobile and other personal details), 10 lakh users of ChqBook (name, email, mobile, full address and other personal details) and 13 lakh users of WedMeGood (name, email, hashed password, other sensitive personal information),” Rajaharia informed IANS.

Like JusPay, these three corporations have additionally not allegedly informed the customers concerning the data breach, claimed the safety researcher.

The names of the three Indian corporations had been first reported by BleepingComputer web site, saying {that a} “data breach broker is selling the allegedly stolen user records for 26 companies on a hacker forum”.

ChqBook denied the assault whereas the opposite two corporations had been but to react to the report.

According to Sonit Jain, CEO of GajShield Infotech, such incidents, as soon as confirmed no matter data sensitivity, leaves a adverse impression over the digital fee platforms.

“Simple data like email ID and phone number which may not look sensitive can turn out to be lethal means of financial fraud at personal level, if fallen in wrong hands,” Jain informed IANS.

Bengaluru-based digital funds gateway JusPay mentioned in an earlier assertion that the corporate verified that their Secure Data Store, which hosts the confidential card numbers, was not accessed or compromised.

“Thus, all our customers were secure from any kind of risk. Our priority was to inform the merchants and as a measure of abundant precaution, they were issued fresh API keys though it was later verified that even the API keys in use were safe,” the corporate mentioned.

According to Rajaharia, the hacker is identical who leaked BigBasket data, beforehand reported by the cybersecurity agency Cyble.

In November final yr, considered one of India’s widespread on-line grocery shops BigBasket, discovered that its data of over 20 million customers had been hacked and had been on sale on the darkish internet for over $40,000.

“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia mentioned.

“There is a strong connection between all these recent data leaks, including BigBasket,” he added.

US-based third-party cyber intelligence agency Cyble claimed in its official weblog that although the alleged breach occurred on October 14, it detected it on October 30, validated it on October 31 and knowledgeable BigBasket on November 1.

The person database was estimated to be about 20 million, with names, e mail ids, password hashes, pin, contact numbers, addresses, date of delivery, location and IP addresses of login.

JusPay on Tuesday mentioned that about 3.5 crore information with masked card data and card fingerprint had been compromised by the hacker and the declare of 10 crore cardholders’ data being affected is “incorrect”.

Latest Business News

Source link

Most Popular