Cybersecurity researcher Rajshekhar Rajaharia disclosed the discovery of a breach of Juspay revealing the data of over 100 million credit and debit card users, including their full names, phone numbers, email addresses, and the first and last four digits of their cards. E-merchants such as Amazon use its payments services.
10 Crore Indian Cardholder's Cards Data Including Name, Mobile, BankName Leaked from @juspay Server. Available for Sell on DarkWeb.
— Rajshekhar Rajaharia (@rajaharia) January 3, 2021
Story – https://t.co/WczIrFeLel #Infosec #DataLeak #DataBreach #infosecurity #CyberSecurity #GDPR #DataSecurity #Banks #CreditCard #dataprotection pic.twitter.com/X1KYcP8WSh
<p>The Juspay breach shows that 2021 is starting off Business as Usual for malicious actors, with long dwell times between intrusion and discovery. While some of the data in this breach were obfuscated, there is a very real possibility that the attackers could overcome the obfuscation. Even if they don\’t, the stolen information could be used for sophisticated social engineering or spear-phishing attacks.</p> <p> </p> <p>Perhaps the biggest concern is the dwell time. The breach happening mid-August 2020 and only being reported now, indicates there may have been some gaps in Juspay\’s security stack or their security operations process.</p> <p style=\"margin: 0cm; background: white;\"><span style=\"font-family: \’Arial\’,sans-serif; color: #500050;\"> </span></p>