Imperial Market TorGrid Hidden Links

Data of 100 Million Credit, Debit Cardholders (Again) Leaked on Dark Web

Sensitive information of over 100 million debit and credit cardholders have been leaked on the dark web, a security researcher reported. The data has been leaked through a faulty server of mobile payments company just pay. The data that was leaked on the dark web included names, phone numbers, and email addresses of the users, first and last digits of their cards. Juspay processes payments for companies including Amazon, MakeMyTrip, and Swiggy, among others.

As per a report by Gadgets 360, the data that was leaked on the dark web contained information related to debit and credit card transactions that took place between March 2017 and August 2020. The data consisted of the names of the debit and credit cardholders, customer IDs and first and last digits of the cards. Cybersecurity researcher Rajshekhar Rajaria had discovered the data leak a week ago.

Rajaharia told the daily that the leaked data was available on the dark web for sale for an undisclosed amount and it was selling with the name of Juspay. "The hacker was contacting buyers on Telegram and was asking for payments in Bitcoin," Rajaharia told the publication. Juspay had also acknowledged a data breach on its platform.

"On August 18, 2020, an unauthorized attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised. Some data records containing non-anonymised, plain-text email and phone numbers were compromised, which form a fraction of the 100M data records," Juspay founder Vimal Kumar told Gadgets 360.

Kumar assured that the data that was leaked did not include the card details of the users. It was only the customer metadata that contained the mobile and email addresses of the users.

"The masked card data (non-sensitive data used for display) that was leaked has two crore records. Our card vault is in a different PCI compliant system and it was never accessed. We do hundreds of rounds of hashing with multiple algorithms and also have a salt (another number appended to the card number). The algorithms that we use are currently not possible to reverse engineer even given enough compute resources," he said.

Juspay upon discovering the breach in data had informed its merchant partners and enhanced its cybersecurity measures. For the unversed, Juspay offers the payment gateways for widely-used apps including Airtel, Swiggy, Vodafone, Uber, Cred, Ola and Flipkart. The company has claimed that it processes over 2 million transactions every day.


Read Comments & Discuss This Article on Dread

Share this article

  • The Deep Web
  • Cryptocurrencies
  • Darknet Markets
  • Cybersecurity & ...
  • Editor's Picks
A darkweb cocaine and heroin trafficker has
Sensitive information of over 100 million debit
Police have arrested a man who hired a gang of
An "immature" MDMA dealer who used his own name
Hackers break into databases, steal their
Personal data is being sold on the dark web for
Cybercriminals can use stolen information for
Ireland’s crime gangs have increased their use of
The CCB caught the programmer while they were
  • 1
  • 2
  • 3
Submarine   Hidden Links   Onion Scanner


Visit Our Friends

Subscribe to Our Newsletter

Enter your email to receive our monthly newsletter!
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…