Amazon and Swiggy Customer Data Leaked

Amazon and Swiggy had 100 million debit and credit cardholders’ information leaked after its payments partner Juspay was breached.

Amazon and Swiggy had 100 million debit and credit cardholders’ information leaked after its payments partner Juspay was breached.

Cybersecurity researcher Rajshekhar Rajaharia discovered the breach in a data dump posted on the dark web and was for sale at $8000 in Bitcoin.

Juspay has confirmed the data leak in its official blog post and said that the leak occurred because of a compromised server. 

“It pains us to inform you that a data breach did happen on 18th August 2020. Non-sensitive masked card information, mobile numbers and email ids of a subset of our users were compromised,” said Juspay.

Juspay said that the leaked data was non-sensitive after screenshots were published online showing cardholder’s details such as bank name, last four digits of the card, and the expiry month and year.

Juspay explained that the masked card data is used for display purposes only and that no CVV, PINs, or Passwords were included.

Rajaharia warned that the breach could be more damaging if hackers figure out the encryption algorithm used to hash card numbers.

In response to the breach, Juspay has increased security measures and invested in threat monitoring tools. 


© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.