Sensitive information of over 100 million debit and credit cardholders have been leaked on the dark web, a security researcher reported.
Personal details such as email ids, full names, phone numbers, and debit and credit card details of over 100 million users of Juspay has been breached by a hacker who posted the data for sale on the dark web, discovered a cyber-researcher last week.
In what could be a major data breach, information of over 100 million debit and credit card users from payments processor Juspay has leaked on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip among others.
The Bangalore start-up processes transactions from Amazon, MakeMyTrip, Swiggy, Uber, Airtel, Vodafone Idea, and other well-used applications in India and had announced the data breach in August of 2020.
The leaked data is in the form of a data dump and has been leaked through a compromised server of Juspay. Juspay has confirmed the data leak in its official blog post, outlining the details of the breach.
The breach happened in a data dump which would allow for more online phishing scams. The data dump was discovered in the first week of January by cybersecurity researcher, Rajshekhar Rajaharia, reported NDTV.
The data leak could make cardholders prone to a phishing scam where users may be conned into revealing private information like OTPs or PINs, said Rajaharia.