Sensitive data of over 100 million credit and debit cardholders has been leaked on the dark Web, according to a security researcher. The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards. It appears to have been associated with payments platform Juspay that processes transactions for Indian and global merchants including Amazon, MakeMyTrip, and Swiggy, among others. The Bengaluru-based startup acknowledged that some of its user data had been compromised in August.
The data surfaced on the dark Web is related to online transactions that took place at least between March 2017 and August 2020, the files shared with Gadgets 360 suggest. It included personal details of several Indian cardholders along with their card expiry dates, customer IDs, and masked card numbers with the first and last four digits of the cards fully visible.