Sunday, June 13, 2021
Home Data The company that processes payments for Amazon and Swiggy has reported a...

The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders

In what may be huge data theft, details from over 100 million debit and credit card customers from the Juspay payment processor have leaked to the dark web. Juspay handles fees for businesses like Amazon, Swiggy, MakeMyTrip and others.

The leaked data is in the form of a data dump which has been leaked from a hacked Juspay site. Juspay acknowledged the leak in its official blog post, detailing the specifics of the violation.

“It is difficult for us to notify you that a breach of data occurred on 18 August 2020. Non-sensitive masked card records, mobile numbers and email IDs of a subset of our users have been compromised,” the company said.

Cybersecurity researcher Rajshekhar Rajaharia discovered a leak of records. He discovered that the data dump was usable on the dark web for sale.

Speaking to Business Insider, Rajaharia noted that this data leak could be much more serious if hackers were to find out the encryption algorithm used to crack card numbers.

Here’s what was leaked in the breach of the Juspay data

As per Juspay, the leaked information contains non-sensitive masked card information, mobile numbers, and subset of users’ email IDs. The company confirmed that the information leaked does not contain full card numbers, order information, PIN card or password.

The dark network data contains information such as the bank that issued the card, the card expiry date, the last four digits of the card, the masked card number, the card type and the name of the customer, among other information.

Will you be concerned about that?

Rajaharia points out that there might be a big danger to consumers if the algorithm used for hash card numbers were leaked or if the hackers would work it out on their own.

A hash is a special, fixed-length string mapping to a data set. In this case, Juspay has hacked 16-digit debit and credit card numbers to handle transactions.

If hackers would work out the algorithm used to create these hashes, they could use brute force to find out what the initial card numbers are.

Juspay masked just six digits out of sixteen digit card numbers. Rajaharia says that while this is fine, the protection of users is largely dependent on the hashing algorithm.

Scammers may also take advantage of this data leak

In addition to the threats listed above, Rajaharia also pointed out that scammers might use this data leak to dupe cardholders. As the leak involves mobile numbers, they could call unsuspecting cardholders and trick them into exposing full card numbers, PIN, CVV, and one-time passwords.

Rajaharia also found out that because these consumers are paid clients, they are much more beneficial than non-paying customers. This makes the Juspay data leak even more lucrative for hackers and scammers.

According to him, the seller he’s in contact with has asked Bitcoin for $8,000 to purchase the data.

khushbu
Khushbu Sonihttps://www.cionews.co.in
Chief Editor - CIO News | Founder & CEO - Mercadeo

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -WhatsApp Image 2020 11 10 at 1.52.58 PMWhatsApp Image 2020 11 10 at 1.52.58 PMWhatsApp Image 2020 11 10 at 1.52.58 PMWhatsApp Image 2020 11 10 at 1.52.58 PM

Most Popular

Driverless passenger car technology to be developed by Huawei by 2025

Expected to bring a sea change to the transportation industry, works on self-driving vehicle systems or driverless passenger car technology are...

Machine learning and mathematics notwithstanding, India lags in data skills

Despite having high proficiency in machine learning and mathematics, India ranks 67th globally, with 38 per cent proficiency and mid-rankings globally...

Cyber-security: India, Australia to broad-base cooperation

Cyber-security: India, Australia to broad-base cooperation

Cloud modernisation journey: Cognizant forms a unit with Google Cloud

Cloud modernisation journey: Cognizant forms a unit with Google Cloud

Recent Comments