Incidences of data leaks on the dark web have been very often recently. According to security researchers found sensitive data of over a hundred million debit and credit cardholders on dark web portals. Juspay, the payment platform that processes transactions for Amazon, Swiggy, MakeMyTrip and other Indian as well as global merchants. The data included first and last four digits of credit and debit cards, expiry dates, and contact information of the cardholders, making them prone to phishing attacks. According to experts, this might be the biggest data leak on dark web in recent times, with over 100 million cardholders at risk.
One of the largest Finserv companies was the target
Juspay founder Vimal Kumar confirmed detection of an unauthorized attempt and data breach. However, he claimed that only customer metadata was compromised and that the sensitive information on servers was anonymized. Additionally, the data might have to do something with online transactions by users of e-commerce between March 2017 and August 2020. A Bengaluru-based startup had acknowledged compromise of its user data in the month of August. Subsequently, the hacker made several attempts to sell the data. The potential customers for this data were available on Telegram. Dark web data leak by Juspay, one of the most trusted financial companies in India is surprising.
The Juspay site has a team of around 150 people that reach millions of users on a daily basis. It has a decent claim of processing over four million daily transactions by its products. The key clients of Juspay include renowned companies like Uber, Swiggy, Vi (Vodafone Idea), Flipkart, Amazon and Airtel. This narrows down to over a hundred million devices that can avail the system development kits (SDKs) of Juspay.
As the digital infrastructure of our country is expanding, data leaks on the dark web are becoming more frequent in India. This calls for a better and safer system to ensure the safety of the user data. As per the Payment Card Industry Data Security Standard (PCI DSS), Juspay holds the highest level of compliance. However, they were not able to contain the breach. It is high time the privacy protection law gets rigid enough to put a stop to this.
