Juspay acknowledges data breach, says card details of users were not compromised

Tuesday 5 January 2021 10:19 CET | News

Juspay, an India-based company that provides payment services to ecommerce giants such as Amazon and Swiggy, has confirmed a data breach that took place in August 2020.

According to India Today, the data of 100 million users, containing email addresses, phone numbers, first and last digit of credit cards, and more, was sold on the dark web at an undisclosed price. The database was put up for sale by an unknown person who was dealing through Telegram, and the company acknowledged the breach through a blog post.

Moreover, Juspay explained that the source that enabled the unauthorised access was an old unrecycled AWS access key. The company added that the server used in the hack was terminated and the entry point for this intrusion was sealed, while assuring its users that only masked card data and card fingerprints (which are non-sensitive information) were breached by the hackers. 

Additionally, Juspay stated that it does not store CVV, PINs, or passwords of the users and hence that data was not accessed. Consequently, no order, transactional data, API keys, or source code were compromised in the breach.

Furthermore, the company took some safety measures: it enforced two-factor authentication for all tools in the company, moved away from AWS access key based automation, and recycled old credentials in its systems, India Today reported.


Keywords: Juspay, India, payment services, ecommerce, data breach, breach, card data, two-factor authentication
Categories: Fraud & Financial Crime
Countries: India