 

India’s Biggest Data Leak? Info Of 10 Cr Cardholders Leaked…



The data includes information about credit and debit cardholders and is being sold on the dark web

The data, which is in the form of a data dump, appears to have been leaked through a compromised server of payments company Juspay

Names of issuing bank, expiry date, credit card numbers, names, customer ID and merchant account ID have been leaked among several other details

In what is seemingly the biggest data leak in India’s history in terms of the number of users affected, the data of over 10 Cr credit and debit cardholders has been allegedly leaked on the dark web. 

The leaked data, which is in the form of a data dump, appears to have been leaked through a compromised server of Bengaluru-headquartered mobile payment solutions company Juspay. 

Screenshots of the leaked database, accessed by Inc42, reveal that it contains sensitive information of users. This includes a user’s card brand (VISA/Mastercard), card expiry date, the last four digits of the card, the masked card number, the type of card (credit/debit), the name on the card, card fingerprint, card ISIN, customer ID and merchant account ID, among several other details. In all, for each user, at least 16 fields of data relating to their payment card as well as payment history have been leaked.

A brief description of what each of these data fields means can be found in the image below.

[Image: description of each leaked data field. Image credits: Juspay]

Each user’s phone number and email ID have also been leaked.

The leaked payment information has been masked in places to reveal only partial copies of card numbers. While this reduces the possibilities of a financial scam, resourceful hackers could still use the information to launch phishing scams to induce victims to hand over their card information. 

Cybersecurity researcher Rajshekhar Rajaharia, who first alerted Inc42 of this development, said that the data was being sold on the dark web for an undisclosed amount. Rajaharia added that such data could fetch a hacker a handsome amount of money on dark web marketplaces.

It is worth noting that the standards laid down in PCI DSS (Payment Card Industry Data Security Standard) have been followed by Juspay in storing users’ card information. However, Rajaharia felt that if the hacker can find out the algorithm used to generate the card fingerprint, then he will be able to decrypt the masked card number. 

Juspay’s Massive Data Leak

The first murmurs of this massive data leak had come in October 2020, when US-based cybersecurity intelligence firm Cyble had approached Juspay, alerting it about the data breach. However, Cyble also pitched its services to the Indian startup and said the data leak report would not be made public if Juspay agreed to sign up as a client, something that Cyble is known to do. Juspay took up the offer, following which the report was buried. 

This practice by Cyble was also reported in November 2020 by The Ken. Cyble was reported to have approached Indian online grocery unicorn Bigbasket with a similar offer in October. In what is alleged to be extortion by some observers, Cyble is believed to have asked Bigbasket to pay $80,000 for its cybersecurity services, and to bury the news about the data leak. 

BigBasket declined to pay and Cyble was the first to report on the company’s data breach, which was subsequently re-reported by several Indian digital media outlets. While BigBasket chose to report to the authorities that Cyble had demanded ransom from it, the American company denied the same in an update to its blog. 

As for the recently leaked data from Juspay, Rajaharia has independently confirmed that the information for at least some users is genuine. The fact that it’s in the form of a data dump rules out the possibility of the data being leaked through an API (Application Programming Interface). Instead, it seems like the hacker was able to gain access to Juspay’s server. 

Juspay offers a software development kit (SDK) for app makers to integrate its services. It counts major Indian and international tech companies such as Amazon, Airtel, Swiggy, Vodafone, Uber, Cred, Ola and Flipkart among its clients. Its solution powers the payment gateways for these companies and Juspay claims that it processes over 2 Mn transactions per day. 

Inc42 has reached out to Juspay; however, we did not receive a response by the time of publishing. This story will be updated with a response from the company.

Meanwhile, according to a recent report on Security Affairs, the threat actor purportedly selling the data of Juspay users is in possession of 36.9 Cr stolen user records obtained from 26 companies, which includes the data of 2 Cr BigBasket users leaked in November. The said hacker also holds stolen data of 80 Lakh users on Indian classifieds company Clickindia, according to the report. 

India’s Poor Cybersecurity Track Record

This development comes just as 2020 has come to a close, a year when India witnessed a rapid rise in phishing and social engineering, ransomware, distributed denial of service or DDoS, and several other kinds of cyber attacks on its companies. According to the Ministry of Electronics and Information Technology (MeitY), Indian citizens, commercial and legal entities faced 7 Lakh cyber attacks till August 2020 alone, nearly double the number of cyber attacks in 2019 — 3.94 Lakh.

Besides BigBasket, Google-backed hyperlocal delivery platform Dunzo, restaurant chain owner Haldirams, edtech platform Edureka, online travel marketplace RailYatri and even the personal website of Prime Minister Narendra Modi suffered data breaches in 2020, with the data on some of these websites being subsequently leaked on the dark web where it was available for purchase. 

Cybersecurity experts Inc42 spoke to were of the opinion that the rapid rise in cyber attacks on Indian companies can be attributed to the shift to work from home (WFH) for most companies amid the Covid-19 pandemic. Moreover, India’s geopolitical tensions with its neighbours China and Pakistan in the year gone by may also be to blame for the spate of cyber attacks.


