Sensitive data of over 100 million credit and debit cardholders has been leaked on the dark Web, according to a security researcher.
According to the details, the leaked data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards.
The scam appears to have been associated with payments platform Juspay that processes transactions for global merchants including Amazon, MakeMyTrip, and Swiggy, among others.
The data surfaced on the dark Web is related to online transactions that took place at least between March 2017 and August 2020.
It included personal details of several Indian cardholders along with their card expiry dates, customer IDs, and masked card numbers with the first and last four digits of the cards fully visible. However, particular transaction or order details are not apparently a part of the leak.
The surfaced details could be combined with the contact information available in the dump by scammers to run phishing attacks on the affected cardholders.
A cybersecurity researcher discovered the data dump earlier this week. The leaked data was on sale on the dark Web by a hacker, he told.
However, data leaks are getting more common these days due to lack of a privacy protection law. It is also putting no compulsion on companies operating in the country to protect their user data firmly.