The news is coming out that, around Nine million card user’s data was illegally leaked on the Dark Web. During the separate attacks conducted on the servers of ClickIndia (Noida-based e-marketplace) and Chqbook (Gurgaon-based neobank).

According to the agency, this data breach is first reported on 5th January. After that same attack was happened on the servers of payment bank startup “Juspay” in August 2020, in which one of its servers, get affected and around 35 million data records are compromised according to the company.

These growing cyberattacks make the Indian digital payment fraternity weaker and the companies started an investigation about this issue and many have triggered an investigation through the country’s banking norms.

Whereas the Team of RBI (Reserve Bank of India) reached out to the spokesperson of these companies and also talked to the stakeholders about this matter. This whole enquire is about to enforce a new payment technique that aims to mandate the storage of the card data only for those who have the licensed payment gateways.

The Payment Council of India also gives a detailed presentation that would be shared with the banks about the steps taken to fixed these vulnerabilities.

What Happens with Juspay?

The cybersecurity researcher Rajshekhar Rajaharia on Sunday reported that around 10 Billion credit and debit cardholder data has been sold on Dark Web.

According to the security experts, this data is leaked during the attack that happened on Juspay digital payment gateways organization.

Whereas Juspay denied that no card number or any type of financial information is not leaked or compromised during the cyberattack and the company also says that the actual no of compromised accounts is about 1 billion.

On 18th August 2020, an attack was detected on the servers and also its get terminated while its executed. Any type of financial credentials, transaction data, card numbers was compromised according to the Juspay spokesperson statement.

But the spokesperson also added that some data records also contained non-anonymized, text emails and phone numbers which are about 10 billion records data are compromised.

On the other hand, the expert claimed that the leaked data has been sold for an undisclosed amount on Dark Web and the payment was done via cryptocurrency Bitcoin.

And hackers are also contacting via Telegram, the experts also say that if hackers can get the Hash algorithm then they can generate the card fingerprint, and they will able to decrypt the masked card number, and if this happened the all 10 billion cardholders were at the risk.

Juspay the payment aggregator firm was founded in 2012 and last year they make about $21.6 million in its series B funding the round was successfully led by Sweden’s Vostok Emerging Finance, who are invested about $13 million in this tech firm and makes their 1st investment in India.

Consequences and Perspectives

Chqbook spokesperson denied the attack and Clickindia spokesperson did not respond anything about it. But, if we talk about the effect of this cyberattack on the servers of Juspay, may compromise the data of more than 100 million clients and sell on the dark web in exchange for $6000 bitcoin including the companies Amazon, Flipkart, Airtel, and Jiomart.

However, Amazon claimed that they had not seen any impact by this attack and no customer account was compromised and no data is leaked.

Whereas other companies like Filpkartm Jiomart, Airtel officials haven’t say anything about this attack. But both Amazon and Flipkart put a temporary halt towards the services of Juspay.

The data leaked and sold on the dark web includes the names of the banks that issue the card, the last four digits of the card, expiry dates, username, card type, and several other details.

Juspay also said that they were in close contact with concerned bank authorities and RBI related to this matter. They are working with cyber experts and have invested much time in threat monitoring tools and adding a secured internal system protocol with having a limited resource.