CCAvenue Payment Gateway Hacked By SQL Injection

Reports have started pouring in that CCAvenue, India’s largest payment gateway has been hacked and all the administrator passwords of various merchants using CCAvenue has been stolen in the process. The method of hack which was used in this is sadi to be SQL Injection. Such incidents are not at all expected from a company which happens to be the basis of lot of online e-commerce businesses.

The hackers have managed to lay their hands on all administrative passwords at CCAvenue, list of various databases and some information on tables within the databases. This was revealed by a portal called Hackerregiment which received an e-mail from a hacker with the screenshots suggesting that all administrator passwords at CCAvenue may have been leaked.

However, the CEO of CCAvenue has a different story to tell. He says that netbanking and non-credit cards related transactions form to be more than 85-90% of the overall transactions on CCAvenue. During these transactions, CCAvenue does not store any such important information on their servers and merely acts as a redirector.

Published by


Debjit does some excellent analysis of the Indian technology front and digital media news in India. He is passionate about all things Microsoft but loves open source too! Get in touch with him @dkd903