According to India Today, the data of 100 million users, containing email addresses, phone numbers, first and last digit of credit cards, and more, was sold on the dark web at an undisclosed price. The database was put for sale by an unknown person who was dealing through Telegram and the company acknowledged the breach through a blog post.
Moreover, Juspay explained that the source that enabled the unauthorised access was an old unrecycled AWS access key. The company added that the server used in the hack was terminated and the entry point for this intrusion was sealed, while assuring its users that only masked card data and card fingerprints (which are non-sensitive information) were breached by the hackers.
Additionally, Juspay stated that it does not store CVV, PINs, or passwords of the users and hence that data was not accessed. Consequently, no order, transactional data, API keys, or source code were compromised in the breach.
Furthermore, the company took some safety measures and enforced two-factor authentication for all tools in the company, moved away from AWS access key based automation, and recycled old credentials in their systems, India Today reported.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now