Leaked Data of 10 Crore Indian Card Holders Is Being Sold On Dark Web After Juspay Faces a Cyber Attack In August

The data of 10 crore users have been leaked and is being sold on the dark web. The number of users affected by the leaked data can be considered to be the biggest data leak in Indian history. The data was leaked from the servers of Juspay. Juspay is a mobile payments solution company that is headquartered in Bengaluru.

A company’s spokesperson stated that “On August 18, 2020, an unauthorized attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials, or transaction data were compromised. Some data records containing non-anonymized, plain-text email and phone numbers were compromised, which form a fraction of the 10 crore data records”.

The company’s spokesperson also informed that the “No card numbers (like 16-digit card number and other financial credentials) were accessed, as it is stored in a completely different isolated system. No transaction or order information was compromised.”

The leaked data is believed to contain sensitive information and was leaked by the dump data technique. It contains sensitive information like card brand of the user, name on the card, the type of card – whether it is debit or credit card, masked card number, visible last four digits of the card, expiry date of the card, card fingerprint, card ISIN, customer ID, and merchant account ID with several other details. Out of the ten crore users’ leaked data, around two crore users’ payment card details of more than 15 fields have been leaked, confirms Juspay. One subset of 10 crore user leaked data consists of information like name, emails, phone numbers. 

However, the leaked payment card info has been masked at some places leading to partially visible card numbers and thus reducing the probability of a financial scam. The hackers could still use the information for phishing attacks or scams to gain the remaining info. It is being said that the data is being sold on the dark web, but still, the rate to buy this data isn’t made visible. Cybersecurity researchers also believe that the hackers can gain huge amounts of money for such crucial and important data, and if somehow the hackers find the algorithm that was used to generate the card fingerprint, then the hackers would easily gain access to card numbers. It shouldn’t be ignored that Juspay was following Payment Card Industry Data Security Standards (PCI DSS) to store user’s payment card details.

The Juspay company concluded by saying that they are making long-term investments with industry experts for governing data and making it more secure than ever before.

If you like this article, follow us on Twitter, Facebook, Instagram, and Linkedin.