Amazon, Swiggy Payment Processor Reports About 3.5 Crores Cardholders Data Breach

Must Read

23 Consecutive Quarters of Losses Amounting To $4.5 Billion Led LG To Exit Mobile Phone Market Worldwide

When the going gets tough, the tough get going. But that doesn't seem to fit in the case of...

Can CBD Gummies Be Beneficial For College Students?

College students often feel more pressure than they have ever—or will ever—feel in their entire lives. Many students are...

Reliance Jio Buying Spectrum From Rival Bharati Airtel Is A Win-Win Deal

In what can only be called an unlikely deal between two rivals, Reliance Jio will be acquiring some spectrum...

Juspay, the leading Indian payment processing startup has been revealed to suffer a major data breach in which the masked credit and debit card numbers, email ids, names, and phone numbers of at least 3.5 crore users have been compromised.

The breach was discovered by Indian cybersecurity researcher Rajshekhar Rajaharia who alerted Juspay and various news outlets about the same. Juspay, which processes payments for major tech firms like Amazon, Swiggy, MakeMyTrip, soon followed this up with a blog post of its own, revealing the facts of the matter from their end.

Media Reports Sensationalizing the Incident: Juspay

The breach took place in the early hours of August 18, 2020, according to Juspay. Their account of the matter further holds that their incident response team dealt with the breach as soon as the system had been alerted.

Advertisements

The breached server was accessed via an old AWS access key that hadn’t been recycled. However, the leaked information was non-sensitive. It included masked credit and debit card numbers (with the first and last four digits showing), customer email ids and phone numbers, as well as card expiry. The researcher who reported the matter confirmed the same to various news outlets.

Juspay reassured users that no pins, CVVs, full card numbers, and order details were compromised in the breach. Despite this, Rajaharia believes that if hackers figure out how to decrypt the masked card numbers, it could mean bad news for customers and the firm. However, in response to this claim, Juspay told Gadgets 360 that decrypting card numbers is impossible as their system encrypts them hundreds of times and the algorithm cannot be reverse-engineered.

After the breach, Juspay alerted all of its partners and collaborated with them to strengthen the security of their system. Some of the measures taken to do this were to enable 2 factor authentication for accessing any of its servers and switching to a newer and more secure locking system. Juspay also seems committed to decreasing their data collection and data retention by amping up their compliance with existing data privacy frameworks such as the GDPR and DEPA.

Data Now on the Dark Web

Rajaharia originally found out about the data dump via the dark web, where it is up for sale. According to him, the hacker is contacting interested buyers via telegram and is asking for payment in Bitcoin. One source claims that the seller is charging $8000 for the data.

The hacker behind this breach is also believed to be behind 25 other breaches, one made on Indian online grocery unicorn BigBasket.

Advertisements

Not Just a Breach But a Larger Conspiracy

That’s not all there is to this breach. The news of Juspay’s data leak might have surfaced much sooner were it not for a cybersecurity firm called Cyble.

Based in the US, the startup arrived on the cybersecurity scene about 2 years ago. In this short span, it has become known as a bully by tech startups all over the world, but especially in India.

According to The Ken, one of the ways in which Cyble gains clients is by tracking down major data breaches and contacting the involved companies with deals. If the company rejects, Cyble posts about the breach on their blog. In Juspay’s case, they thought it better to become a client of the firm than to have this news exposed.

However, such wasn’t the case for BigBasket, who refused to partner with Cyble only to have the latter reveal the data leak the former had suffered.

While Juspay’s decision to prevent news of the breach from being known might raise eyebrows, the company seems dedicated to the privacy of its users’ data as it follows the highest level of compliance laid down in the PCI DSS, a payment security protocol.

Cybersecurity Laws in India Need Reform

India has suffered its fair share of data breaches over the past few years. Financial security is an especially hot topic as more users are opting for digital payment options. In terms of digital payments specifically, India is projected to account for 2.2% of the global digital payments market in the next two years.

National Security Advisor Ajit Doval believes that India’s increasing dependence on digital payments could end up becoming a dangerous thing in the future given the increasing number of financial frauds in the country.

With this in mind, India’s data privacy laws need quick reform to keep up with its rapidly changing digital climate owing to the large number of smartphone and internet users in the country.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

These Entrepreneurs Built Their Fortune Only After Investors Rejected Them, Again and Again

Believe in yourself is the most underestimated quotation of all times. As a startup owner, although, this might just...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded and unparalleled...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter, with a...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one of the...

More Articles Like This