Beware! Credit Cards from Snapdeal, Uber, Ola, MakeMyTrip, Foodpanda etc Are Probably Already Stolen

An Indian security firm has made scintillating revelation about a possible heist of credit card details of those customers who have actively used services from some of the most popular Indian startups. Fallible.co, a security firm which calls themselves a ‘group of hackers’ who are passionate about improving security of tech startups made this announcement via their blog.

Although they haven’t shown any proof about their claim, the revelation is certainly a big warning.

The startups which they investigated, and found vulnerabilities in payment gateways include: BookmyShow, Foodpanda, Freecharge, Mobikwik, Uber, Ola, Snapdeal, Rupay, Makemytrip, Yatra, Swiggy, Redbus, Voonik.

They have specifically stated that these startups are not insecure or hacked; but the payment gateways which they use are vulnerable to hacking; and have actually informed all users that in case they have used credit cards in any of these startups, then they are probably stolen.

Payment Gateways Exposed

As per their blog, one of the most popular payment gateways which is certified by PCI DSS Level 1 is hacked. Without naming the startup which uses this payment gateway, Fallible claimed that around 15 million transactions are being processed by this payment gateway, every month.

Again, without naming, it was mentioned that another popular payment gateway can be hacked using ‘commodity grade gaming PC’ within a week; and every detail pertaining to credit card usage can be easily hacked.

Interestingly, Abhishek Anand, who is the co-founder of Fallible, had stated last year that 70% of the tech startups they investigated were found to be vulnerable to hacking; and this included Peppertap, Ola, Zomato and HomeShop18. As per his claims, of the 17 startups his company contacted for sharing these details, only two offered them ‘bug bounty’ program benefits, and that too under $100.

As per the claims made that time, credit card details of around 3 million customers are being unknowingly leaked by these startups, and under Section 43A of IT Act, they can actually claim compensation.

Protect Yourself: Use Debit Cards!

In their latest warning related to hacking of credit card details, Fallible has stated that customers from these startups (mentioned above) should always monitor their credit card usage, and report any suspicious activity. As per them, the hackers won’t use their credit card details immediately, but will use them in a gradual, phased manner.

Besides, as a protection tactic, Fallible has said that usage of debit cards, which require PIN and OTP are more secured that credit cards; and have suggested that customers should immediately remove their existing credit cards from their respective accounts.

We can neither endorse these claims as no proof has been provided; nor we can deny the threat, as we have always reported how money is being mysteriously debited from Paytm’s wallet; how Ola cabs was hacked and credit cards details stolen; how cyber extortion is now becoming main stream as $10 million was demanded recently by hackers; how iPhones can be jail breaked remotely; CERT warning about Android being unsafe and the report that Digital Money apps are actually insecure in India.

We will keep you updated as more details come in.