BharatPay, an Indian digital payment platform, recently suffered a data breach of its backend database, which held numerous clients' personally identifiable information (PII), account balances, and transaction data. The leaked records span February 2018 to August 2022 and were posted for sale on a dark web forum.
The Indian payment platform offers its clients several digital financial services, including cash deposits and fund transfers, and operates more than 50,000 retail outlets across 11 states.
The compromised database includes clients' usernames, hashed passwords, contact numbers, UPI IDs, and email addresses. The researchers also recovered several official email IDs belonging to insurance and banking institutions in India.
Besides this PII, BharatPay's transaction data and the API keys of its online bill payment facilitators have also been leaked, along with information on several SMS vendors.
Losing clients' PII to hackers is a serious setback for the Indian payment platform, since these malicious actors can use the data directly for criminal purposes.
Cybersecurity experts fear that, now that hackers hold the highly sensitive data of BharatPay's clients, it is likely to be used for cybercriminal activities such as phishing and social engineering attacks. Threat actors would also find the data useful for launching targeted ransomware attacks.
After a series of incident analyses and verification steps, several security teams have confirmed that the BharatPay breach is genuine and that the data exposed on the dark web is poised to be abused in cyberattacks.
Contact data for about 32 partner banks and their employees is also included in the compromised database. These include Axis Bank, the Reserve Bank of India, HDFC, State Bank of India, Yes Bank, Syndicate Bank, and Punjab National Bank.
At the time of writing, the affected Indian payment platform has yet to respond to the researchers' messages. It is also unconfirmed whether CERT-IN and other relevant authorities have been alerted to the incident.
Researchers believe the breach was caused by outdated software in use at BharatPay. They added that the outdated jQuery modules were found to be affected by prototype pollution and several other vulnerabilities that could have been exploited in the attack.
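The jQuery weakness named above belongs to the prototype-pollution class, in which a deep-merge routine recurses into a `__proto__` key and writes attacker-supplied fields onto `Object.prototype`. The JavaScript below is an added illustration, not code from the report or from BharatPay: it places a vulnerable recursive merge beside a hardened one and includes a check a defender can run to detect a polluted `Object.prototype`; the `PAYLOAD` object is constructed for the demonstration.

```javascript
// Vulnerable pattern: recurses into every key of `source`, including
// "__proto__", so a crafted object reaches Object.prototype through
// target["__proto__"] and plants fields every object then inherits.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: only own keys, never the keys that lead into the prototype
// chain, and only recurse into objects the target itself owns.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop, do not merge
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== "object" || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection: which of `keys` does a brand-new empty object inherit?
// Anything beyond the built-ins (toString, etc.) indicates pollution.
function pollutedKeys(keys) {
  const probe = {};
  return keys.filter((k) => k in probe && !Object.prototype.hasOwnProperty.call(probe, k));
}

// Constructed payload of the shape a JSON API might receive (not breach data).
const PAYLOAD = JSON.parse('{"name":"demo","__proto__":{"isAdmin":true}}');

function demo() {
  const before = pollutedKeys(["isAdmin"]).length;      // 0: clean runtime
  unsafeMerge({}, PAYLOAD);
  const afterUnsafe = pollutedKeys(["isAdmin"]).length; // 1: Object.prototype polluted
  delete Object.prototype.isAdmin;                      // undo before the hardened run
  const merged = safeMerge({}, PAYLOAD);
  const afterSafe = pollutedKeys(["isAdmin"]).length;   // 0: key was dropped
  return { before, afterUnsafe, afterSafe, mergedName: merged.name };
}
```

Running `pollutedKeys` against the field names an application trusts (role flags, feature toggles) at startup and after each request is a cheap runtime canary for this bug class.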
BharatPay's IT team is strongly urged to patch the vulnerable endpoints on the platform immediately, enable MFA, and stop storing passwords in cleartext. Affected customers, partners, and other entities are advised to watch for suspicious activity in their accounts.