Search Here

Monday, 4 January 2021

Debit and credit card details of 100 million Indian users are being sold on the Dark Web

Debit and credit card details of 100 million Indian users are being sold on the Dark Web, most of the data is from Juspay server.


Leaked data includes cardholder names, mobile numbers, email IDs, card digit details
Credit and debit card data of more than 7 million users across the country was stolen in December

Once again, the personal details of Indian users have been leaked on the Dark Web. Rajasekhara Rajahariya, a cyber security researcher in the field of cyber security, claimed that the data of about 100 million (100 million) credit and debit card holders in the country is being sold on the Dark Web.

 Most of the data on the Dark Web has been leaked from the servers of Bangalore-based digital payments gateway Juspay. Last month, Rajasekhara claimed that credit and debit card data of more than 7 million users had been leaked.

According to the researcher, this data is being sold on the Dark Web. The leaked data includes the names of Indian cardholders, their mobile numbers, income levels, emails, IDs, PANs and details of the first and last 4 digits of the card. Rajasekhara has shared his screenshot on social media.

Juspay reported a low number of users

Juspay said about the data leak, there was no compromise with any card number or financial details during the cyber attack. The report cites data leaks of 100 million users while the actual number is less than that.

A company spokesman said in a statement that on August 18, 2020, it was reported that an attempt to access our server had been made "unauthorized" and had been blocked in the meantime. No card number, transaction data was leaked. Some non-personal data, plain text emails and mobile numbers have been leaked but the number is much less than 100 million.

Data was being sold through Bitcoin
Rajaharia claims that the data was being sold on the Dark Web through cryptocurrency Bitcoin at an undisclosed price. Hackers were also contacting via telegram for this data.

 juspay adheres to PCIDSS (Payment Card Industry Data Security Standard) for storing users' data. If a hacker uses a hash algorithm to create a card fingerprint, he can also decrypt the masked card number. In this situation, the accounts of all crore card holders may be at risk.

The company has admitted that the hacker reached out to a developer of juspay. The data that has been leaked is not sensitive. Only some mobile numbers and email addresses have been leaked.

Data leaked to 7 million users in
December Credit and debit card data of more than 7 million users leaked in December, 2020. Rajasekhara Rajaharia found a link to Google Drive on Darkweb titled "Credit Card Holders data".

 This was available for download via the Google Drive link. It included details of Indian cardholders along with mobile numbers, income level, email ID and PAN details.

What is the Dark Web?
There are websites available on the Internet that are not included in the commonly used search engines like Google, Bing and general browsing. 

They are called Dark Net or Deep Net. Reaching this type of website requires a specific authorization process, software and configuration.

Divyabhaskar News 

Part 3 of Internet Access
1. Surface Web: This part is used every day, the results of searching on engines like Google or Yahoo. Such websites are indexed by search engines. This website is easily accessible.

2. Deep Web:
Deep Web cannot be reached by search engine results. To access a document on the Deep Web, go to its URL address and log in. Passwords and usernames are used for this. This includes accounts, blogging and other websites.

3. Dark Web: This is only part of the Internet search, but it is not usually found on search engines. This type of site requires a special type of browser to open. It's called Tor. The Dark Web site is hidden using the Tor Encryption tool. There is a risk of data theft if any user wants to access the Dark Web.

No comments: