Dark Web Have Stolen 100 Million Debit & Credit Card Holder Data?
As per a report by Gadgets 360, the data that was leaked on the dark web contained information related to debit and credit card transactions that took place between March 2017 and August 2020. The data consisted of the names of the debit and credit cardholders, customer IDs and first and last digits of the cards. Cybersecurity researcher Rajshekhar Rajaria had discovered the data leak a week ago.
Rajaharia told the daily that the leaked data was available on the dark web for sale for an undisclosed amount and it was selling with the name of Juspay. “The hacker was contacting buyers on Telegram and was asking for payments in Bitcoin,” Rajaharia”told the publication. “JUSPAY”had also acknowledged a data breach on its platform.
Data of over 100 million debit and credit cardholders been leaked on the dark web.The data that was leaked on the dark web included names, phone numbers, and email addresses of the users.
Kumar assured that the data that was leaked did not include the card details of the users. It was only the customer metadata that contained the mobile and email addresses of the users.“The masked card data (non-sensitive data used for display) that was leaked has two crore records. Our card vault is in a different PCI compliant system and it was never accessed. We do hundreds of rounds of hashing with multiple algorithms and also have a salt (another number appended to the card number). The algorithms that we use are currently not possible to reverse engineer even given enough compute resources,” he said.
Last month, Rajaharia found personal data of seven million indian credi and debit cardholders leaked through the dark Web. Sensitive data of over 1.3 million indian’s banking customer also appeared on the dark Web in 2019.
Experts often point out that data leaks are getting more common in India as the country is expanding its digital infrastructure but without proper regulations on cybersecurity. The lack of a privacy protection law is also putting no compulsion on companies operating in the country to protect their user data firmly.