The compromised data includes user names, hashed passwords, mobile phone numbers and UPI IDs.
On August 13, CloudSEK’s threat intelligence arm, XVigil, found that BharatPay’s backend database containing customers’ personal information, bank balance, and transaction data from Feb. 2018 to Aug. 2022 was leaked on a cybercrime forum.
BharatPay provides various digital financial services, including fund transfers and cash deposits, to customers as well as merchants by partnering with numerous distribution networks all across India.
According to the company website, BharatPay operates in 11 states with more than 50,000 retail outlets. The firm also offers prepaid cards which can be issued to a customer via its partner network.
