Your Security, Our First Concern: Customer transaction-related data is secure

  • On 18th Aug 2020 during the early hours, we noticed unauthorised activity in one of our data stores.
  • An unrecycled access key was exploited and that enabled unauthorized access.
  • An automatic system alert was triggered due to a sudden increase in the usage of the system resources on the data store.
  • Our incident response team immediately engaged and was able to trace the intrusion and stop it. The server used in the cyberattack was terminated and the entry point for this intrusion was sealed.
  • Within the same day, a system audit was done to make sure the entire category of such issues is prevented.
  • Our merchants were informed of the cyberattack on the same day and we worked with them to take various precautionary measures to safeguard information.
  • Over the next few days, a thorough analysis of the audit trails was undertaken to assess the impact of the cyberattack.
  • About 3.5 Cr records with masked card data and card fingerprint (which is non-sensitive information) were breached. The masked card data is used for display purposes on merchant UI and cannot be used for completing a transaction.
  • A part of user metadata in our system which has non-anonymised, plain-text email IDs and phone numbers got compromised.
  • Other than the one data system mentioned above, none of the other systems was subjected to the cyberattack.
  • Our card vault, in a different PCI-compliant store with encrypted card data, is secure
  • CVV, PINs or Passwords are not stored by Juspay; hence completely secure
  • All order and transactional data is secure
  • All API Keys or Source Code is secure
  • We worked with our merchant partners to refresh API keys and invalidate the old keys. Subsequently, the old keys were verified to be safe.
  • Enforced 2 Factor Authentication for all tools in the company
  • Moved away from access key-based automation. Using IAM role-based temporary security credentials as a more secure alternative.
  • Recycled all older credentials in our systems and set tight key rotation policies.
  • Further tightened various internal systems access control protocols, limiting resource access.
  • We are engaged with threat intelligence experts and have invested in enhanced threat monitoring tools.
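
An added example (not Juspay's code): a check for the condition behind this incident, an active access key that was never recycled. It assumes the keys are AWS IAM user keys and reads the column names of the IAM credential report CSV; the sample rows, the 90-day window and the function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using column names from the AWS IAM credential report
# (only the columns this check reads). AWS itself is an assumption here.
SAMPLE_REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,true,2018-03-02T10:15:00+00:00,2020-08-17T23:40:00+00:00,false,N/A,N/A
reporting,true,2020-07-20T08:00:00+00:00,N/A,true,2019-01-05T09:30:00+00:00,2019-02-01T12:00:00+00:00
alice,false,2017-11-11T11:11:00+00:00,N/A,false,N/A,N/A
"""
MAX_KEY_AGE_DAYS = 90  # assumed rotation window; the page states no figure


def _parse(ts):
    """Report timestamps are ISO 8601; 'N/A' or an empty cell means no value."""
    return None if ts in (None, "", "N/A") else datetime.fromisoformat(ts)


def stale_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return active keys older than the rotation window, oldest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in (1, 2):
            prefix = f"access_key_{slot}_"
            rotated = _parse(row.get(prefix + "last_rotated"))
            if row.get(prefix + "active") != "true" or rotated is None:
                continue  # inactive or absent keys cannot authenticate
            age = (now - rotated).days
            if age <= max_age_days:
                continue
            used = _parse(row.get(prefix + "last_used_date"))
            findings.append({
                "user": row["user"], "key_slot": slot, "age_days": age,
                # An old key still in use needs a planned move to role-based
                # credentials; an old idle key can simply be deactivated.
                "still_in_use": used is not None and (now - used).days <= max_age_days,
            })
    return sorted(findings, key=lambda f: f["age_days"], reverse=True)


if __name__ == "__main__":
    today = datetime(2020, 8, 18, tzinfo=timezone.utc)  # constructed date
    for finding in stale_access_keys(SAMPLE_REPORT, today):
        print(finding)
```

Run on a schedule against a fresh credential report, any non-empty result is a rotation-policy violation to alert on.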


Juspay is India’s leading Payments Operating system powering 11Mn payment transactions each day. Key products include Hyper SDK, Express Checkout and UPI stack
