An independent researcher on cybersecurity matters. Rajasekhar Rajhariya claimed on Sunday that the data of about ten crore credit and debit cardholders of the country are being sold on the dark web. According to him, the massive data on the dark web was leaked from Bangalore-based Digital Payments Gateway Jaspe's servers.
However, Jaspe has said that during the cyber attack there was no agreement with any card number or financial information and the number of ten crores is being reported, the actual number is much less than that. A spokesperson for the company said in a statement that on August 18, 2020, attempts were made to reach our servers unauthorizedly, which was intercepted. It did not leak any card number, financial credit, or transaction data.
Some non-confidential data, plain text emails, and phone numbers were leaked, but their number is much less than 100 million. But Rajahria claims that data is on the dark web Cryptocurrency is being sold through Bitcoin at an undisclosed price. Hackers are also making contact for this data through Telegram. According to them, like to store data of users. Follows PCI-DSS (Payment Card Industry Data Security Standard).
However, if hackers can use a hash algorithm to create a card fingerprint, they can also decrypt the masked card number. In this situation, all 10 crore cardholders are at risk. The company admitted that the hacker had reached out to a developer in Jaspe. Data leaked are not considered sensitive. Only a few phone numbers and email addresses have leaked, which are of secondary value. Nevertheless, the company had informed its merchant partner on the day the data was leaked.