Cyber SecurityHackingPrivacy

100 Million+ Credit, Debit Card Data Leaked; Posted on Darkweb

Critical Credit and Debit Card information of over 100 million users leaked on the Darkweb. The data leaked through a faulty server of a Bengaluru based startup Juspay. The startup processes transaction for Amazon, Swiggy, Airtel, Vi, Uber, and many other merchants.

The startup acknowledged the leak but the number revealed now by a Security Researcher Rajshekhar Rajaharia. The data of transactions processed between March 2017 to August 2020 are on the list apparently not the transactions themselves.

The data leaked include Credit/Debit cards starting and ending four digits, Card expiry date, Customer IDs, Full Names, Phone Numbers, and Email Addresses. The leaked data is in the form of MySQL which the hacker was selling on Darkweb and Telegram. The MySQL data and Juspay API data is exactly the same, found the researcher.

The startup acknowledges the leakage but as per them, only metadata of the customers were leaked and not any sensitive information.

No card numbers, financial credentials, or transaction data was compromised. Data records containing non-anonymised email, phone numbers and masked cards used for display purposes (contains first four and last four digits of the card, which is not considered sensitive), were compromised.

Vimal Kumar, Founder – Juspay

Moreover, Kumar told Gadgets 360 that the company told their merchant partners about such breach of servers. He also told that the algorithm the company using is not possible to reverse engineer.

Ritik Banger

Founder and Editor of The Tech Infinite. An Engineering Graduand who loves to write in Cyber Security, Tech News, Privacy Breaches, and Tutorials.

Related Articles

Leave a Reply

Back to top button
The Tech Infinite