Over 100 Million Credit, Debit Cardholders’ Data Leaked on Dark Web

In a major data breach, Justpay, which processes transactions for e-commerce players like Amazon, Swiggy, MakeMyTrip and others, on Monday admitted to a major data breach, which took place in August 2020. According to a Business Insider report, this resulted in the leak of information of over 100 million debit and credit card users from records with masked card numbers and personal data getting compromised.

This disclosure by the company was made after internet security researcher Rajshekhar Rajaharia shared on social media a sample of the data that was available for sale on the dark web. Justpay had noticed some unauthorised activities in one of its data stores in August. The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards. It appears to have been associated with payments platform Juspay that processes transactions for Indian and global merchants including Amazon, MakeMyTrip, and Swiggy, among others. The data surfaced on the dark Web is related to online transactions that took place at least between March 2017 and August 2020, the files shared with Gadgets 360 suggest.

The company mentioned that the leaked information does not include full card numbers, order information, card PIN or password. Justpay further added that since CVV and PINs are not stored by the company, this critical information is not compromised. But experts say that fraudsters can put together the pieces and engage in a phishing attack.