Amazon and Swiggy data leaks of over 100 million Debit and Credit cardholders
Amazon and Swiggy are one of the leading online markets.
Talking about Amazon, it started with selling books and then captured the entire market. It is the world’s largest online marketplace.
Swiggy is the largest online food delivering platform. In 2020, swiggy started its groceries delivery services.
Payment services provider Juspay, which helps in the transaction for huge online businesses like Amazon, Swiggy and other businesses has admitted data leak of users. The number of customers whose data has been stolen is around 3.5 crore which includes debit and credit card users name with account number.
This information was given through security researcher – Rajshekhar Rajaharai. He said the data sample was on the web page for sale. ” The database was put for sale by an unknown person who was dealing through Telegram”.
Juspay said on August 18, 2020, that there was a miss activity noticed in one of its data stores. The usage of high access was seen and immediately engaged and traced the access and stopped it and the hack was terminated and was sealed.
Later Juspay had to inform all the merchants about this incident and thus told them that there is no risk and was stopped. Juspay also issued the API keys to keep them safe.
After 5 months, A stranger shared a sample of data on the dark web. And the data includes the card holders number , Account details if any fingerprint. Juspay said that the. CVV and pins are not stored in their data stores and unless anyone has the access to algorithms to decode it’s impossible to make transactions.
India follows two – factor authentication whereas internationally there are no such verifications, so the banks have to stop all the international transactions.
The data security has to be formulated strictly to have safe online activities.
Is this worrying?
It could be a major risk to the customers if the hackers decode the algorithm of the hash card numbers. Juspay has access to the 16 digit hash numbers. If hackers generate the algorithm to these hashes, it may lead to a risk factor.
Juspay has only shown six digit numbers out of sixteen digit card numbers.
They also say that the hackers can exploit the data and generate a duplicate card, because it includes pin number, CVV, account number.
Hackers are also sending fake messages to the customers and telling them to share their personal bank information.