Swiggy, Uber payment provider Juspay suffers data breach, assures of data safety

Mobile-based service payment provider Juspay that also processes transactions for food delivery player Swiggy, Amazon to name a few had data breach that took place in August 2020.

Personal data of over 10 crore Juspay users were on sale on the Dark Web.

The breach came into highlight after internet security researcher Rajshekhar Rajaharia shared on social media a sample of the data that was available for sale on the dark web.

Also Read: Dunzo data breach leaks personal information of over 3 million users

Acknowledging the breach, Juspay said on August 18, 2020, the company noticed unauthorised activities in one of its data stores. “An old unrecycled AWS access key was exploited and that enabled the unauthorised access. An automatic system alert was triggered due to a sudden increase in the usage of the system resources on the data store. Our incident response team immediately engaged and was able to trace the intrusion and stop it. The server used in the hack was terminated and the entry point for this intrusion was sealed,” shared a blog statement by the start-up.

“About 3.5 crore records with masked card data and card fingerprint (which are non-sensitive information) were breached. The masked card data is used for display purposes and cannot be used for completing a transaction,” it added.

May Interest: FreshMenu’s 2016 Data Breach Exposed Records of 110k Users

Clarifying the delay in disclosure, the payment service provider shared, “We verified that our secure data store, which hosts the confidential card numbers, was not accessed or compromised. Thus, all our customers were secure from any kind of risk. Our priority was to inform the merchants and, as a measure of abundant precaution, they were issued fresh API keys, though it was later verified that even the API keys in use were safe.”