Express Computer
Home  »  News  »  3 more Indian firms hacked, 1.13 cr users’ data at risk: Researcher

3 more Indian firms hacked, 1.13 cr users’ data at risk: Researcher

0 245

After hacking masked credit and debit card data of crores of Juspay users, the same hacker possibly known as ‘ShinyHunters’ is now selling databases belonging to three more Indian companies on Dark Web, independent cyber security researcher Rajshekhar Rajaharia claimed on Wednesday.

According to Rajaharia who first broke the JusPay hacking, the three Indian companies are e-marketplace ClickIndia, fintech startup for small business owners ChqBook and wedding planning website WedMeGood.

“Nearly 80 lakh users of ClickIndia (name, email, mobile and other personal details), 10 lakh users of ChqBook (name, email, mobile, full address and other personal details) and 13 lakh users of WedMeGood (name, email, hashed password, other sensitive personal information),” Rajaharia told IANS.

Like JusPay, these three companies have also not allegedly told the users about the data breach, claimed the security researcher.

The names of the three Indian companies were first reported by BleepingComputer website, saying that a “data breach broker is selling the allegedly stolen user records for 26 companies on a hacker forum”.

ChqBook denied the attack while the other two companies were yet to react to the report.

According to Sonit Jain, CEO of GajShield Infotech, such incidents, once confirmed irrespective of data sensitivity, leaves a negative impression over the digital payment platforms.

“Simple data like email ID and phone number which may not look sensitive can turn out to be lethal means of financial fraud at personal level, if fallen in wrong hands,” Jain told IANS.

Bengaluru-based digital payments gateway JusPay said in an earlier statement that the company verified that their Secure Data Store, which hosts the confidential card numbers, was not accessed or compromised.

“Thus, all our customers were secure from any kind of risk. Our priority was to inform the merchants and as a measure of abundant precaution, they were issued fresh API keys though it was later verified that even the API keys in use were safe,” the company said.

According to Rajaharia, the hacker is the same who leaked BigBasket data, previously reported by the cybersecurity firm Cyble.

In November last year, one of India’s popular online grocery stores BigBasket, found that its data of over 20 million users had been hacked and were on sale on the dark web for over $40,000.

“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia said.

“There is a strong connection between all these recent data leaks, including BigBasket,” he added.

US-based third-party cyber intelligence firm Cyble claimed in its official blog that though the alleged breach occurred on October 14, it detected it on October 30, validated it on October 31 and informed BigBasket on November 1.

The user database was estimated to be about 20 million, with names, email ids, password hashes, pin, contact numbers, addresses, date of birth, location and IP addresses of login.

JusPay on Tuesday said that about 3.5 crore records with masked card data and card fingerprint were compromised by the hacker and the claim of 10 crore cardholders’ data being affected is “incorrect”.

–IANS

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image