Sensitive data of over 100 million credit and debit cardholders have been leaked on the dark Web, according to a security researcher. The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards. It appears to have been associated with the payments platform Juspay that processes transactions for Indian and global merchants including Amazon, MakeMyTrip, and Swiggy, among others. The Bengaluru-based startup acknowledged that some of its user data had been compromised in August.
The data surfaced on the dark Web is related to online transactions that took place at least between March 2017 and August 2020, the files shared with Gadgets 360 suggest. It included personal details of several Indian cardholders along with their card expiry dates, customer IDs, and masked card numbers with the first and last four digits of the cards fully visible. However, particular transaction or order details are not apparently a part of the leak.
The surfaced details could be combined with the contact information available in the dump by scammers to run phishing attacks on the affected cardholders.
Cybersecurity researcher Rajshekhar Rajaharia discovered the data dump earlier this week. He told Gadgets 360 that the leaked data was on sale on the dark Web by a hacker.
0 Comments