Quote:Data from a breach that occurred five months ago involving Juspay, which handles payments for Amazon and other online retailers in India, has been dumped online, a researcher has found.
Security researcher Rajshekhar Rajaharia discovered data of 35 million Indian credit-card holders from a breach of a Juspay server that occurred on Aug. 18, he revealed on Twitter. The data included sensitive information such as the name, mobile number and bank name of customers whose payment info went through the company’s service, Rajaharia said in the tweet, which included an edited screenshot of some of the data.
Juspay is a Bengaluru, India-based start-up that partners with leading online retailers to make payment transactions—upwards of 650,000 per day–in India. Merchants with payments going through the service include Amazon, Swiggy, MakeMyTrip, Yatra, Freecharge, BookMyShow and Snapdeal.
Juspay discovered the breach during the early morning-hours of Aug. 18, alerted by unauthorized activity in one of the data stores, according to a detailed statement on the company’s website posted Monday and updated Tuesday in response to reports of the incident. Threat actors used an old, unrecycled Amazon Web Services (AWS) access key to gain unauthorized access to the server, which triggered an automatic system alert due to the sudden boost in system resources by the data store, the company said.
Juspay responded immediately to the incident and stopped the intrusion, terminated the server used in the attack, and sealed its entry point, according to the statement.
“Within the same day, a system audit was done to make sure the entire category of such issues is prevented, the company said. “Our merchants were informed of the cyberattack on the same day and we worked with them to take various precautionary measures to safeguard information.”
Read more: https://threatpost.com/data-from-august-...ne/162740/
![[-]](https://www.geeks.fyi/images/collapse.png)
