Debit and credit card : Data leaked on the dark web includes the full name, phone number, email address of the card holders and the first and last four numbers of the card.
The news of data theft of credit and debit cards of Indian users has been revealed. A research by security researchers has found that the sensitive data of credit and debit cards of about 10 crore people has been leaked on the dark web. It also includes the full name, phone number, email address of the card holders and the first and last four digits of the card. The information found on the dark web has been leaked from the server of Bangalore-based Digital Payments Gateway Jaspe.
Juspay provides payment processing services for e-merchants like Amazon, MakeMyTrip and Swiggy. The company has admitted that the data of some of its users was leaked in August 2020. According to the researchers, this data leak also happened between March 2017 to August 2020.
Cybersecurity researcher revealed
According to the news, cybersecurity researcher Rajasekhar Rajaharia has collected information about it. Rajasekhar says that a hacker is selling this data on the dark web. He said, “The hacker was talking
In this data, the expiry date, customer ID and masked card number of many card holders are completely visible. However, this does not include transactions and order details. On connecting the leaked data to the company’s database, the researcher found that the leaked data belonged to real users.
These data leaked
Another report of Inc42 has revealed that the leaked data includes users’ brand of card (VISA / Mastercard), expiry date, first and last four numbers of the card, masked card number, tiff of card (Debit / Credit), card But the name, card fingerprint, card ISIN, customer ID and merchant account, etc., along with many more details are included.
Company clarifies on data leak
Juspay founder Vimal Kumar admitted that an attempt to steal data was made on August 18, 2020, but the data associated with the card has not been stolen. He said that no card number, financial credential or transaction data has been leaked.
Vimal said, “Only two crore records of masked card data have been leaked. Our card vault is in a separate PCI compliant system with encrypted card data and has never been accessed. ”
He says that the hacking attack leaked non-anonymous emails, phone numbers and masked card numbers of the users (the first and last four digits), which cannot be called sensitive data.
What do researchers say
If the words of Jaspe’s founder Vimal are to be believed, then the leaked data card is not enough to clone. But the security researcher says that by detecting the algorithm used to generate card fingerprints, hackers can easily remove card numbers.
