Independent cyber security researcher Rajshekhar Rajaharia claimed on Sunday that data of around 10 crore credit and debit card holders in the country is being sold on the dark web for an undisclosed amount, with payment in the cryptocurrency Bitcoin.
According to him, this huge data has been leaked from a compromised server of Bengaluru-based digital payments gateway Juspay.
However, Juspay says that no card numbers or financial information were compromised during the cyber-attack, as they are stored in a completely different, isolated system. Only some records containing non-anonymised, plain-text email addresses and phone numbers were compromised. The company also says that the actual number is much lower than 10 crore.
According to Rajaharia, PCI DSS (Payment Card Industry Data Security Standard) has been followed by Juspay in storing users' card information. "If the hackers can find out the Hash algorithm used to generate the card fingerprint, they will be able to decrypt the masked card number. In this condition, all 10 crore cardholders are at risk," Rajaharia noted. "For this data, hackers are also contacting via Telegram," he said.
The company admitted that the hacker gained access to one of Juspay's developer keys and was spawning new computation servers in the developer account, trying to gain access to any accessible data. However, the company said that the masked card numbers that have been leaked are not considered sensitive as per compliance.
"Only a few phone numbers and email addresses have been leaked, which have dummy values. We had intimated our merchant partners about the data leak the very same day," said the company spokesperson.
Source: India TV