Once again Debit and Credit card details of Indian users are getting stolen. Cyber security expert Rajshekhar Rajharia claimed that credit and debit card details of around 100million Indians is being sold over the Dark Web. Most of the data among the stolen data is leaked from Bangalore based Digital Payment Gateway Juspay’s Server. Last month Rajshekhar claimed that Details of around 7 million Indian users were leaked.
According to Cyber Security expert this data is being sold on Dark web. Leaked data mainly contains the name, mobile no’s, email address and first and last four digits of card no. and PAN card detail of the users. He also shared Snapshots of related to this matter.
10 Crore Indian Cardholder’s Cards Data Including Name, Mobile, BankName Leaked from @juspay Server. Available for Sell on DarkWeb.
Story – https://t.co/WczIrFeLel #Infosec #DataLeak #DataBreach #infosecurity #CyberSecurity #GDPR #DataSecurity #Banks #CreditCard #dataprotection pic.twitter.com/X1KYcP8WSh
— Rajshekhar Rajaharia (@rajaharia) January 3, 2021
Juspay hid the actual no from user
Company claimed that there is no compromise with the card no or any financial details of the user during the cyber attack. According to the report no of users whose data got leak is 100millin but actual no is very low. In a statement company mentioned that someone tried to access their server in a unauthorized way on august 18, 2020 but stopped in between by the experts. Some common information, plain text email and phone numbers were leaked which amounts to very less than 100million.
Data is being sold through Bit Coin
Rajharia claimed, these data is sold over Dark Web via crypto-currency Bit Coin.
Hackers are also trying through telegram to get this data. Juspay follows the Payment Card Industry Data Security Standard (PCIDSS). If the hackers use Hash Algorithm to generated finger print than they may decrypt the masked card no. in such case it will be hazardous for account of all the 100 million users.
Company confessed that hacker got access till their developer but leaked information didn’t contain any sensitive item. Company also claimed that they informed the merchant on the same day.
7 million user’s data got leak in December 2020
Last month Credit and Debit card data of around 7 million users was leaked. Rajshekhar found a google drive named-“Credit card holders data” which can be downloaded via link. This google drive not only contains the name but also contains the phone number, PAN, income levels and email id of the card holders.
What is Dark Web?
It is a part of internet searching but can not be found over common search engines like google, Bing etc. To access such site the user need special type of browser called as Tor. The sites of Dark Web are hid using Tor Encrypted tool . Any attempt to unauthorized access of this may causes loss of private data. These sites can only be accesses via special authorization process or specific software and configuration.