Security News > 2021 > January > Data from August Breach of Amazon Partner Juspay Dumped Online

Data from a breach that occurred five months ago involving Juspay, which handles payments for Amazon and other online retailers in India, has been dumped online, a researcher has found.

Security researcher Rajshekhar Rajaharia discovered data of 35 million Indian credit-card holders from a breach of a Juspay server that occurred on Aug. 18, he revealed on Twitter.

The data included sensitive information such as the name, mobile number and bank name of customers whose payment info went through the company's service, Rajaharia said in the tweet, which included an edited screenshot of some of the data.

Juspay discovered the breach during the early morning-hours of Aug. 18, alerted by unauthorized activity in one of the data stores, according to a detailed statement on the company's website posted Monday and updated Tuesday in response to reports of the incident.

While the company may have already informed partners, it did not reveal the breach publicly until this week, after Rajaharia's discovery of the dumped data.

In its statement Juspay appeared to downplay the breach, saying the threat actors didn't access sensitive data.

News URL

https://threatpost.com/data-from-august-breach-of-amazon-partner-juspay-dumped-online/162740/