Records of millions credit cards left unprotected by payments startup
By MYBRANDBOOK
According to news, New York-based payments startup left millions of credit card transaction records exposed for anyone to see on the internet for nearly three weeks before securing it. Security researcher Anurag Sen found the database belonging to card payments processor Paay, a news portal reported after alerting the company about the finding.
The database was pulled offline by Paay after it became aware of the issue. Paay co-founder Yitz Mendlowitz said that on April 3, they spun up a new instance on a service they are currently in the process of deprecating. An error was made that left that database exposed without a password.
To prevent fraudulent transactions, Paay verifies payments on behalf of selling merchants, but anyone could access the data inside because there was no password on the server. A review of a portion of the data base by the news portal revealed that each transaction contained credit card number and expiry date besides the amount spent, but as the data did not include names of the cardholder as well as card verification values, the exposure did not make it any easier for fraudsters to misuse it. Mendlowitz, however, said that his company does not store card numbers.
During this time, this kind of exposed credit card transaction records could have lead to a bigger crisis. If you remember, Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams.
Also, Hackers are creating scam sites similar to COVID-19 relief packages. These scam websites use the news of the coronavirus financial incentives, and fears about coronavirus to try and trick people into using the websites or clicking on links. Check Point Researchers found that since January, a total of 4,305 domains relating to new stimulus/relief packages have been registered globally. In March 2020, a total of 2,081 new domains were registered -38 malicious and 583 suspicious. In the first week of April, 473 were registered – 18 malicious, 73 suspicious.
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Paytm brings UPI Lite Wallet for low-value transactions
Paytm’s parent company One97 Communications (OCL) is emphasizing upon UP...
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
DRUVA SOFTWARE PVT. LTD.
HAVELLS INDIA LTD.
VVDN TECHNOLOGIES
TAC SECURITY SOLUTIONS
Technology Icons Of India 2023: Alok Ohrie
Alok plays a critical role in the Government of India’s Atal Innovat...
Technology Icons Of India 2023: Dilip Asbe
Dilip Asbe is the MD & CEO of National Payments Corporation of India (...
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
HPCL is transforming the energy landscape, across the nation and beyond
HPCL is world-class energy company known for caring and delighting the...
BEL leveraging next generation technologies to keep the country ahead in Defence space
Bharat Electronics Limited (BEL) is a Navratna PSU under the Ministry ...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...