- Jul 27, 2015
- 5,459
A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet.
The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions. But because there was no password on the server, anyone could access the data inside. Security researcher Anurag Sen found the database. He told TechCrunch that he estimates there are about 2.5 million card transaction records in the database. After TechCrunch contacted the company on his behalf, the database was pulled offline.
“On April 3, we spun up a new instance on a service we are currently in the process of deprecating,” said Paay co-founder Yitz Mendlowitz. “An error was made that left that database exposed without a password.”
New York payments startup exposed millions of credit cards
Exclusive: The unencrypted database stored eight months of plaintext credit card numbers.
techcrunch.com