Independent cyber safety researcher Rajshekhar Rajaharia claimed on Sunday that knowledge of practically 10 crore credit and debit card holders within the nation is being sold for an undisclosed quantity on the Dark Web.
According to Rajaharia, the large knowledge dump on the Dark Web has been leaked from a compromised server of Bengaluru-based digital funds gateway Juspay.
JusPay advised IANS that no card numbers or monetary data had been compromised throughout the cyber-attack and the precise quantity is far decrease than the 10 crore-figure being reported.
“On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised,” an organization spokesperson mentioned in an announcement.
“Some data records containing non-anonymised, plain-text email and phone numbers were compromised, which form a fraction of the 10 crore data records,” the spokesperson added.
However, Rajaharia claimed that the information was being sold on the Dark Web for an undisclosed quantity by way of cryptocurrency Bitcoin.
“For this data, hackers are also contacting via Telegram,” he advised IANS.
According to him, PCI DSS (Payment Card Industry Data Security Standard) have been adopted by Juspay in storing customers’ card data.
“However, if the hackers can find out the Hash algorithm used to generate the card fingerprint, they will be able to decrypt the masked card number. In this condition, all 10 crore cardholders are at risk,” Rajaharia famous.
The firm admitted that the hacker gained entry to at least one of Juspay’s developer keys and was spawning new computation servers within the developer account, attempting to achieve entry to any accessible knowledge.
Juspay, nonetheless, mentioned the masked card numbers which have been leaked will not be thought-about delicate as per compliance.
Only “few” telephone numbers and electronic mail addresses have been leaked which have dummy values, the spokesperson mentioned, including that it had intimated its service provider companions concerning the knowledge leak the exact same day.
“No card numbers (like 16-digit card number and other financial credentials) were accessed, as it is stored in a completely different isolated system. No transaction or order information was compromised,” the corporate spokesperson knowledgeable.
“We are making long-term investments for strengthening security and data governance with industry experts,” the corporate mentioned.
Founded in 2012, Juspay final yr raised $21.6 million in its Series B funding spherical.
The spherical was led by Sweden’s Vostok Emerging Finance (VEF), which invested $13 million within the know-how agency, marking its first funding within the nation.