Amazon, Swiggy Payment Processor Reports About 3.5 Crores Cardholders Data Breach

Must Read

Skeletons in the Closet? Google-Facebook Involved in Secret Online Advertising Deal

If you can’t beat ‘em, join ‘em. And when two titans happen to decide upon an alliance,...

Smartphone Resale Value: Depreciation Is Surprising Enough [REPORT]

It's a tad cliché and true that smartphones have permeated every sphere of our life. The ceaseless...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy....

Juspay, the leading Indian payment processing startup has been revealed to suffer a major data breach in which the masked credit and debit card numbers, email ids, names, and phone numbers of at least 3.5 crore users have been compromised.

The breach was discovered by Indian cybersecurity researcher Rajshekhar Rajaharia who alerted Juspay and various news outlets about the same. Juspay, which processes payments for major tech firms like Amazon, Swiggy, MakeMyTrip, soon followed this up with a blog post of its own, revealing the facts of the matter from their end.

Media Reports Sensationalizing the Incident: Juspay

The breach took place in the early hours of August 18, 2020, according to Juspay. Their account of the matter further holds that their incident response team dealt with the breach as soon as the system had been alerted.


The breached server was accessed via an old AWS access key that hadn’t been recycled. However, the leaked information was non-sensitive. It included masked credit and debit card numbers (with the first and last four digits showing), customer email ids and phone numbers, as well as card expiry. The researcher who reported the matter confirmed the same to various news outlets.

Juspay reassured users that no pins, CVVs, full card numbers, and order details were compromised in the breach. Despite this, Rajaharia believes that if hackers figure out how to decrypt the masked card numbers, it could mean bad news for customers and the firm. However, in response to this claim, Juspay told Gadgets 360 that decrypting card numbers is impossible as their system encrypts them hundreds of times and the algorithm cannot be reverse-engineered.

After the breach, Juspay alerted all of its partners and collaborated with them to strengthen the security of their system. Some of the measures taken to do this were to enable 2 factor authentication for accessing any of its servers and switching to a newer and more secure locking system. Juspay also seems committed to decreasing their data collection and data retention by amping up their compliance with existing data privacy frameworks such as the GDPR and DEPA.

Data Now on the Dark Web

Rajaharia originally found out about the data dump via the dark web, where it is up for sale. According to him, the hacker is contacting interested buyers via telegram and is asking for payment in Bitcoin. One source claims that the seller is charging $8000 for the data.

The hacker behind this breach is also believed to be behind 25 other breaches, one made on Indian online grocery unicorn BigBasket.


Not Just a Breach But a Larger Conspiracy

That’s not all there is to this breach. The news of Juspay’s data leak might have surfaced much sooner were it not for a cybersecurity firm called Cyble.

Based in the US, the startup arrived on the cybersecurity scene about 2 years ago. In this short span, it has become known as a bully by tech startups all over the world, but especially in India.

According to The Ken, one of the ways in which Cyble gains clients is by tracking down major data breaches and contacting the involved companies with deals. If the company rejects, Cyble posts about the breach on their blog. In Juspay’s case, they thought it better to become a client of the firm than to have this news exposed.

However, such wasn’t the case for BigBasket, who refused to partner with Cyble only to have the latter reveal the data leak the former had suffered.

While Juspay’s decision to prevent news of the breach from being known might raise eyebrows, the company seems dedicated to the privacy of its users’ data as it follows the highest level of compliance laid down in the PCI DSS, a payment security protocol.

Cybersecurity Laws in India Need Reform

India has suffered its fair share of data breaches over the past few years. Financial security is an especially hot topic as more users are opting for digital payment options. In terms of digital payments specifically, India is projected to account for 2.2% of the global digital payments market in the next two years.

National Security Advisor Ajit Doval believes that India’s increasing dependence on digital payments could end up becoming a dangerous thing in the future given the increasing number of financial frauds in the country.

With this in mind, India’s data privacy laws need quick reform to keep up with its rapidly changing digital climate owing to the large number of smartphone and internet users in the country.


Please enter your comment!
Please enter your name here

Latest News

Amazon Prime Video: End Of Subscriber Hunt And Beginning Of An Ad-Fuelled Future!

The streaming landscape of India is going through a rapid transformation. Seems like it is no longer...

Why Is Retargeting Touted As A Secret Weapon For Success By Online Marketers

You know that ads play an important role in driving people to your website if you run a small business and sell...

Happy B’day Chad Hurley: The Co-Founder Of The World’s Largest Video Library

Chad Hurley never cared about success, he mended his ideas and tried to garner the fruits from those. But not every time...

Encouraged By Record Profit of RIL, Ambani Wants To Accelerate 5G Arrival in India

Brace yourselves for the sooner-than-anticipated arrival of  Reliance Jio 5G services because the 63-year-old billionaire tycoon Ambani recently pledged to the speedy launch...

How Mobile Is Becoming A Catalyst Of Online Gambling Market Growth

The global online gambling market is now one of the biggest and it is expected to grow up to 127.3 billion US...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy. The roots of its malice...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This