Data theft of 100 million users in India: Debit and credit card information is being sold on dark web, most data leaked from Juspay server

Data theft of 100 million users in India: Debit and credit card information is being sold on dark web, most data leaked from Juspay server

Fed up with Ads? Install Filmytales app for news without ads

new Delhi9 days ago

  • Copy link
  • Leaked data include cardholders’ names, mobile numbers, email IDs, card digit details
  • Credit and debit card data of more than 70 lakh users of the country was stolen in December

Once again there are reports of data theft of credit and debit cards of Indian users. Cybersecurity researcher Rajasekhar Rajharia of Cyber ​​Security Affairs claimed that the data of around 100 million (10 crore) credit and debit card holders in the country are being sold on the dark web. Most of the data on the dark web has been leaked from the server of Bangalore-based Digital Payments Gateway Jaspe. Last month, Rajasekhar had claimed that the credit and debit card data of more than 7 million (7 million) users in the country was leaked.

According to the researcher, this data is being sold on the dark web. The leaked data includes the names of Indian card holders along with their mobile numbers, income levels, email ID, permanent account number (PAN) and the first and last four digit details of the card. He has also shared screenshots of it on social media.

Juspay reported lower number of users
The company told that during the cyber attack there has been no agreement with any card number or financial details. According to the report, data leakage of 100 million users is being reported, while the actual number is much less.

A spokesperson for the company said in a statement that on August 18, 2020, an attempt to reach our servers unauthorized was detected, which was intercepted. It did not leak any card number, financial credit or transaction data. Some non-confidential data, plane text emails and phone numbers were leaked, but their number is much less than 100 million.

Data being sold through bitcoin
Here Rajaharia claims that the data is being sold on the dark web at an undisclosed price through crypto currency bitcoin. Hackers are also making contact via telegram for this data. The payment card industry follows the Data Security Standard (PCIDSS) in storing users’ data. If hackers can use a hash algorithm to create a card fingerprint, they can also decrypt the masked card number. In this situation, the account of all 10 crore card holders may be threatened.

The company has recognized that the hacker had access to a developer of Juspay. Data leaked are not considered sensitive. Only a few phone numbers and email addresses have been leaked. Nevertheless, the company had informed its merchant partner on the day the data was leaked.

Data of 7 million users was leaked in December
Last month, the data of more than 7 million (7 million) users in the credit and debit cards of the country was leaked. Rajasekhar Rajaharia discovered the Google Drive link on the dark web, which was given the title of “Credit Card Holders data”. It was available for download via the Google Drive link. This included not only the names of Indian card holders but also their mobile numbers, income levels, email IDs and Permanent Account November (PAN) details.

What is the dark web?
There are many websites on the Internet that do not fall under the mostly used search engines like Google, Bing, and general browsing. These are called dark net or deep net. Such websites can be accessed with the help of specific authorization procedures, software and configurations. The Information Technology Act, 2000 provides the statutory framework for addressing all kinds of prevalent cyber crimes in the country. Law enforcement agencies take action according to this law when they come to notice of such crimes.

Three parts of internet access
1. Surface Web:
This part is used daily. For example, search results like search engines like Google or Yahoo. Such websites are indexed by search engines. These are easily accessible.

2. Deep Web: These cannot be reached through search engine results. To access any document of deep web, one has to login to its URL address. For which password and user name are used. These include accounts, blogging, or other websites.

3. Dark Web: This is only part of Internet searching, but it cannot be found on search engines in general. This type of site requires a special browser, called Tor, to open. Dark web sites are hidden with the help of Tor encryption tool. In such a case, if any users reach them incorrectly, then their data is threatened.

.