Indian payment gateway allegedly compromised via credential injection attack.

The threat actors are currently advertising what they describe as the company's complete database on dark web marketplaces, raising serious concerns about the security of India's digital payment infrastructure. If genuine, a compromise of this kind would be a significant breach of India's fintech ecosystem, particularly given Airpay's role in merchant payment processing and digital wallet services.

According to Daily Dark Web reports, the breach reportedly occurred through what the threat actors call a "credential injection attack", which they say gave them persistent access to Airpay's core systems. The report describes this only in general terms: injecting malicious credentials into authentication mechanisms to bypass standard controls and reach backend databases and API endpoints. "Credential injection" is not a standard vulnerability class, and no technical detail (the affected component, the source of the credentials, or the authentication flow involved) has been published, so the actual intrusion path remains unknown.

The threat actors claim to possess complete Know Your Customer (KYC) records, including full legal names, dates of birth, Permanent Account Numbers (PAN), and residential addresses. They also claim ongoing access to the payment infrastructure through backdoors. Access maintained over an extended period to maximise data collection would be consistent with advanced persistent threat (APT) tradecraft, although none of these claims has been independently verified.

Payment gateways like Airpay process thousands of transactions daily and handle cardholder data that is subject to PCI DSS requirements, including transmission over encrypted channels.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 13:05:11 +0000