San Francisco, April 23 (SocialNews.XYZ) A New York-based payments startup left millions of credit card transaction records exposed for anyone to see on the Internet for nearly three weeks before securing it, a media report said on Thursday.
Security researcher Anurag Sen found the database belonging to card payments processor Paay, TechCrunch reported after alerting the company about the finding.
The database was pulled offline by Paay after it became aware of the issue.
"On April 3, we spun up a new instance on a service we are currently in the process of deprecating," Paay co-founder Yitz Mendlowitz was quoted as saying.
"An error was made that left that database exposed without a password," Mendlowitz said.
To prevent fraudulent transactions, Paay verifies payments on behalf of selling merchants, but anyone could access the data inside because there was no password on the server.
A review of a portion of the data base by TechCrunch revealed that each transaction contained credit card number and expiry date besides the amount spent, but as the data did not include names of the cardholder as well as card verification values, the exposure did not make it any easier for fraudsters to misuse it.
Mendlowitz, however, said that his company does not store card numbers.
Source: IANS
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at gopi@socialnews.xyz
This website uses cookies.
