Juspay, a payment processor for Amazon, MakeMyTrip, Swiggy, and others, has reported a data breach that leaked the data of over 100 million credit and debit cardholders.
Juspay Data Breach
The breach occurred on August 18, 2020, and leaked data includes “non-sensitive” masked card information, card expiry information, phone numbers and email addresses. Full card numbers, order information, card PINs, and passwords were not leaked. Security researcher Rajshekhar Rajaharia found the data dump on the dark web for sale.
Mr. Rajaharia told Business Insider that Juspay only masked six out of sixteeen digits for card numbers. While this is good, the rest of the data could be exposed if the hackers can reverse-engineer Juspay’s hashing algorithm.