Monday, January 18, 2021

3 more Indian firms hacked, 1.13 cr users’ data at risk: Researcher

- Advertisement -

Cybercriminals using enterprise-based strategies for phishingNew Delhi, Jan 6 (IANS) After hacking masked credit and debit card data of crores of Juspay users, the same hacker possibly known as ‘ShinyHunters’ is now selling databases belonging to three more Indian companies on Dark Web, independent cyber security researcher Rajshekhar Rajaharia claimed on Wednesday.

According to Rajaharia who first broke the JusPay hacking, the three Indian companies are e-marketplace ClickIndia, fintech startup for small business owners ChqBook and wedding planning website WedMeGood.

“Nearly 80 lakh users of ClickIndia (name, email, mobile and other personal details), 10 lakh users of ChqBook (name, email, mobile, full address and other personal details) and 13 lakh users of WedMeGood (name, email, hashed password, other sensitive personal information),” Rajaharia told IANS.

Like JusPay, these three companies have also not allegedly told the users about the data breach, claimed the security researcher.

The names of the three Indian companies were first reported by BleepingComputer website, saying that a “data breach broker is selling the allegedly stolen user records for 26 companies on a hacker forum”.

ChqBook denied the attack while the other two companies were yet to react to the report.

READ ALSO:  This malware is affecting 4700 computers per day

According to Sonit Jain, CEO of GajShield Infotech, such incidents, once confirmed irrespective of data sensitivity, leaves a negative impression over the digital payment platforms.

“Simple data like email ID and phone number which may not look sensitive can turn out to be lethal means of financial fraud at personal level, if fallen in wrong hands,” Jain told IANS.

Bengaluru-based digital payments gateway JusPay said in an earlier statement that the company verified that their Secure Data Store, which hosts the confidential card numbers, was not accessed or compromised.

“Thus, all our customers were secure from any kind of risk. Our priority was to inform the merchants and as a measure of abundant precaution, they were issued fresh API keys though it was later verified that even the API keys in use were safe,” the company said.

According to Rajaharia, the hacker is the same who leaked BigBasket data, previously reported by the cybersecurity firm Cyble.

In November last year, one of India’s popular online grocery stores BigBasket, found that its data of over 20 million users had been hacked and were on sale on the dark web for over $40,000.

READ ALSO:  Mobile threats spread under guise of porn content doubled in 2019
READ ALSO:  This malware is affecting 4700 computers per day

“Now, the same hacker group is asking about $10,000 in Bitcoin for the BigBasket database and is also selling the three companies’ databases,” Rajaharia said.

“There is a strong connection between all these recent data leaks, including BigBasket,” he added.

US-based third-party cyber intelligence firm Cyble claimed in its official blog that though the alleged breach occurred on October 14, it detected it on October 30, validated it on October 31 and informed BigBasket on November 1.

The user database was estimated to be about 20 million, with names, email ids, password hashes, pin, contact numbers, addresses, date of birth, location and IP addresses of login.

JusPay on Tuesday said that about 3.5 crore records with masked card data and card fingerprint were compromised by the hacker and the claim of 10 crore cardholders’ data being affected is “incorrect”.

Source: IANS

India Updates
India Updates is an independent news & Information website. Follow us for regular updates on News and Information.

Follow Us On

Related News


Please enter your comment!
Please enter your name here

Trending Topics In India

Covid 19 India Updates

Trending News In India

Trending Showbiz

Trending Sports

Latest Trending News In India

Parliamentary panel summons FB, Twitter officials on Jan 21

New Delhi, Jan 17 (IANS) The Parliamentary Committee on Information Technology has issued summons to officials of Facebook and Twitter for January 21, to...

447 adverse events across India post-vaccination, 3 serious

New Delhi, Jan 17 (IANS) A total of 447 Adverse Events Following Immunisation (AEFI) have been reported in the last two days of the...

New-age insurance, green energy stocks in queue for Nifty50 entry

Mumbai, Jan 17 (IANS) New-age stocks from insurance, green energy and internet space are in the queue to enter benchmark Nifty50 index, which reflects...

Centre-farmers’ standoff will resolve through dialogues: Vice Prez

New Delhi, Jan 17 (IANS) Vice President M. Venkaiah Naidu on Sunday said that the current standoff between the protesting farmers and the Centre...