Sensitive data of over 100 million credit and debit cardholders has been leaked on the dark web, according to a security researcher.
The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards.
It appeared to have been associated with payments platform Juspay that processes transactions for global merchants, including Amazon.
The Bengaluru-based startup acknowledged that some of its user data had been compromised in August, according to a Gadgets 360 report.
The data surfaced on the dark Web is related to online transactions that took place at least between March 2017 and August 2020, the files shared with Gadgets 360 suggest.
It included personal details of several cardholders along with their card expiry dates, customer IDs, and masked card numbers with the first and last four digits of the cards fully visible.
However, particular transaction or order details are not apparently a part of the leak.
The surfaced details could be combined with the contact information available in the dump by scammers to run phishing attacks on the affected cardholders.
Cybersecurity researcher Rajshekhar Rajaharia discovered the data dump earlier this week.
He told Gadgets 360 that the leaked data was on sale on the dark Web by a hacker.
“The hacker was contacting buyers on Telegram and was asking payments in Bitcoin,” said Rajaharia.
He also told Gadgets 360 that the data dump was selling on the dark Web with the name of Juspay and he was able to find its linkage with the company upon some observation.
The company also confirmed a data breach to Gadgets 360, though it did not provide further details.