In a biggest data leak at just the start of the year 2021, data of above 100 million Indians have been compromised over the Dark Web and the data as reported has been extracted from fintech company Juspay.
The Bengaluru based payments platform Juspay processes transactions for various firms including big guns such as Amazon, MakeMyTrip, Airtel, Flipkart, Uber and Swiggy. The breach was acknowledged by the firm as on August 18, 2020 but the data seems to be clear now only as a dump offered for sale-by several persons or one person using many IDs - on the Dark Web.
Now as per the security expert Rajaharia who first tracked the data down on the Dark Web, the breach happened between March 2017 and August 2020.Earlier, Juspay had claimed: "On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised."
Now this data dump includes vital information of at least a minimum of 20 million users and includes card brands such as VISA, Mastercard and Amex, the CVV, the card expiry date as well as the first six and last 4 digits of the card, a masked card number, card type as well as the name of the cardholder, the issuing bank, card fingerprint (a detail that uniquely identifies the card to Juspay, which uses an algorithm to encrypt and store it), card International Security ID No (ISIN), which is the first six digits, the customer ID, merchant account ID, etc.
So, the comprise of as many as 16 fields of as many as 20 million Juspay users. Now, in case even if the cardholder has changed card, phishing scams can still be run with all the data.