A threat actor has allegedly breached Airpay, a prominent Indian payment solutions provider, and is advertising the company’s full database for sale on a dark web forum. Airpay offers a comprehensive platform for businesses to manage online payments, making it a critical part of the digital commerce infrastructure in India. The cybercriminal claims to have gained deep, persistent access to the company’s systems through a credential injection attack, compromising a vast trove of sensitive financial and personal information.
The threat actor detailed the extent of the allegedly stolen data, which appears to be highly sensitive and valuable. It reportedly includes a wide range of personally identifiable information (PII) and financial records. The types of data listed for sale are:
- KYC & Identity Records: Full legal names, dates of birth, PAN numbers, and complete addresses.
- Banking Information: Bank account numbers, IFSC codes, branch details, and account holder names.
- Corporate Intelligence: Registered business names, annual turnover figures, and GST mappings.
- Contact Information: Mobile numbers and email addresses linked to user accounts and transactions.