Express Computer
Home  »  Internet  »  10 crore Indians’ card data selling on Dark Web: Researcher

10 crore Indians’ card data selling on Dark Web: Researcher

0 293

Independent cyber security researcher Rajshekhar Rajaharia claimed on Sunday that data of nearly 10 crore credit and debit card holders in the country is being sold for an undisclosed amount on the Dark Web.

According to Rajaharia, the massive data dump on the Dark Web has been leaked from a compromised server of Bengaluru-based digital payments gateway Juspay.

JusPay told IANS that no card numbers or financial information were compromised during the cyber-attack and the actual number is much lower than the 10 crore-figure being reported.

“On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised,” a company spokesperson said in a statement.

“Some data records containing non-anonymised, plain-text email and phone numbers were compromised, which form a fraction of the 10 crore data records,” the spokesperson added.

However, Rajaharia claimed that the data was being sold on the Dark Web for an undisclosed amount via cryptocurrency Bitcoin.

“For this data, hackers are also contacting via Telegram,” he told IANS.

According to him, PCI DSS (Payment Card Industry Data Security Standard) have been followed by Juspay in storing users’ card information.

“However, if the hackers can find out the Hash algorithm used to generate the card fingerprint, they will be able to decrypt the masked card number. In this condition, all 10 crore cardholders are at risk,” Rajaharia noted.

The company admitted that the hacker gained access to one of Juspay’s developer keys and was spawning new computation servers in the developer account, trying to gain access to any accessible data.

Juspay, however, said the masked card numbers that have been leaked are not considered sensitive as per compliance.

Only “few” phone numbers and email addresses have been leaked which have dummy values, the spokesperson said, adding that it had intimated its merchant partners about the data leak the very same day.

“No card numbers (like 16-digit card number and other financial credentials) were accessed, as it is stored in a completely different isolated system. No transaction or order information was compromised,” the company spokesperson informed.

“We are making long-term investments for strengthening security and data governance with industry experts,” the company said.

Founded in 2012, Juspay last year raised $21.6 million in its Series B funding round.

The round was led by Sweden’s Vostok Emerging Finance (VEF), which invested $13 million in the technology firm, marking its first investment in the country.

–IANS

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image