Researcher says 100 million Indians’ card data selling on Dark Web

Independent cyber security researcher Rajshekhar Rajaharia claimed on Sunday that data of nearly 100 million credit and debit card holders in the country is being sold for an undisclosed amount on the Dark Web.

According to Rajaharia, the massive data dump on the Dark Web has been leaked from a compromised server of Bengaluru-based digital payments gateway Juspay.

JusPay told the media that no card numbers or financial information were compromised during the cyber-attack and the actual number is much lower than the 100 million figure being reported.

READ MORE

Man builds secret tunnel to his lover's house caught by her husband

Female Mexican doctor experiences seizures breathing problems and skin rash after receiving vaccine

“On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised," a company spokesperson said in a statement.

Picture shown is for illustrative purposes only.

"Some data records containing non-anonymised, plain-text email and phone numbers were compromised, which form a fraction of the 100 million data records," the spokesperson added.

However, Rajaharia claimed that the data was being sold on the Dark Web for an undisclosed amount via cryptocurrency Bitcoin.

"For this data, hackers are also contacting via Telegram," he told IANS.

According to him, PCI DSS (Payment Card Industry Data Security Standard) have been followed by Juspay in storing users' card information.

"However, if the hackers can find out the Hash algorithm used to generate the card fingerprint, they will be able to decrypt the masked card number. In this condition, all 100 million cardholders are at risk," Rajaharia noted.

The company admitted that the hacker gained access to one of Juspay's developer keys and was spawning new computation servers in the developer account, trying to gain access to any accessible data.