Image Source : AP/FILE 3 extra Indian companies HACKED! 1.13 crore customers’ knowledge in danger, researcher says
After hacking masked credit score and debit card knowledge of crores of Juspay customers, the identical hacker probably often known as ‘ShinyHunters’ is now promoting databases belonging to a few extra Indian corporations on Dark Web, impartial cybersecurity researcher Rajshekhar Rajaharia claimed on Wednesday.
According to Rajaharia who first broke the JusPay hacking, the three Indian corporations are e-marketplace Click onIndia, fintech startup for small enterprise house owners ChqBook and marriage ceremony planning web site WedMeGood.
“Nearly 80 lakh users of ClickIndia (name, email, mobile and other personal details), 10 lakh users of ChqBook (name, email, mobile, full address and other personal details) and 13 lakh users of WedMeGood (name, email, hashed password, other sensitive personal information),” Rajaharia advised IANS.
Like JusPay, these three corporations have additionally not allegedly advised the customers in regards to the knowledge breach, claimed the safety researcher.
The names of the three Indian corporations had been first reported by BleepingComputer web site, saying {that a} “data breach broker is selling the allegedly stolen user records for 26 companies on a hacker forum”.
ChqBook denied the assault whereas the opposite two corporations had been but to react to the report.
According to Sonit Jain, CEO of GajShield Infotech, such incidents, as soon as confirmed irrespective of knowledge sensitivity, leaves a unfavorable impression over the digital cost platforms.
“Simple data like email ID and phone number which may not look sensitive can turn out to be lethal means of financial fraud at personal level, if fallen in wrong hands,” Jain advised IANS.
Bengaluru-based digital funds gateway JusPay stated in an earlier assertion that the corporate verified that their Secure Data Store, which hosts the confidential card numbers, was not accessed or compromised.
“Thus, all our customers were secure from any kind of risk. Our priority was to inform the merchants and as a measure of abundant precaution, they were issued fresh API keys though it was later verified that even the API keys in use were safe,” the corporate stated.
According to Rajaharia, the hacker is identical who leaked BigBasket knowledge, beforehand reported by the cybersecurity agency Cyble.
In November final 12 months, one in all India’s fashionable on-line grocery shops BigBasket, discovered that its knowledge of over 20 million customers had been hacked and had been on sale on the darkish net for over $40,000.
“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia stated.
“There is a strong connection between all these recent data leaks, including BigBasket,” he added.
US-based third-party cyber intelligence agency Cyble claimed in its official weblog that although the alleged breach occurred on October 14, it detected it on October 30, validated it on October 31 and knowledgeable BigBasket on November 1.
The consumer database was estimated to be about 20 million, with names, electronic mail ids, password hashes, pin, contact numbers, addresses, date of start, location and IP addresses of login.
JusPay on Tuesday stated that about 3.5 crore information with masked card knowledge and card fingerprint had been compromised by the hacker and the declare of 10 crore cardholders’ knowledge being affected is “incorrect”.
Latest Business News