Category | Adversary Intelligence – Data Leak |
Impacted Assets | Customer Records |
CloudSEK Verified | Yes |
Leaked Data | Customer PII (name, phone number, email address), masked Credit Card data (first 4 and last 4 digits of the 16 digit card number) |
Inc42 published a report regarding Juspay data being leaked on the dark web. The report claims that the data dump contains PII (Personally Identifiable Information) and card data of 10 Crore users. CloudSEK has done a detailed analysis of this incident and the key findings are summarized below.
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a data sharing platform, selling user databases of multiple companies. Our Threat Intelligence researchers analyzed the post in detail. The affected companies are:
Juspay.in | Teespring.com |
MyON.com | Knockcrm.com |
Mindful.org | Clickindia.com |
Chqbook.com | Bigbasket.com |
Reddoorz.com | Hybris.com (SAP.com) |
Wedmegood.com | Wongnai.com |
Geekie.com.br | Anyvan.com |
Accuradio.com | Everything5pounds.com |
Cermati.com | Netlog.com (Twoo.com) |
Reverbnation.com | Fotolog.com |
Pizap.com | ModaOperandi.com |
Eventials.com | Wahoofitness.com |
Sitepoint.com | Singlesnet.com |
The most recent post contains a sample of the Juspay database, though the data has not been validated. Here are some sample screenshots from the leak:
The “stored_card” database contains the following fields:
The “customer” database contains the following fields:
The threat actor joined the forum in December 2020 and has since shared 2 posts, attempting to sell databases from their private collection.
One of the posts advertises multiple databases while the other post is selling the Gympass database.