Technology Today

A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet.The database belongs to Paay, a card payments processor based in New York.
Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions.But because there was no password on the server, anyone could access the data inside.Security researcher Anurag Sen found the database.
He told TechCrunch that he estimates there are about 2.5 million card transaction records in the database.
After TechCrunch contacted the company on his behalf, the database was pulled offline.On April 3, we spun up a new instance on a service we are currently in the process of deprecating,& said Paay co-founder Yitz Mendlowitz.
&An error was made that left that database exposed without a password.Two records from the exposed database.
TechCrunch has blacked out the full credit card number in the record to prevent fraud.The database contained daily records of card transactions dating back to September 1, 2019 from a number of merchants.
TechCrunch reviewed a portion of the data.
Each transaction contained the full plaintext credit card number, expiry date and the amount spent.
The records also contained a partially masked copy of each credit card number.
The data did not include cardholder names or card verification values, making it more difficult to use the credit card for fraud.Mendlowitz disputed the findings.
&We don''t store card numbers, as we have no use for them.& TechCrunch sent him a portion of the data showing card numbers in plaintext, but he did not respond to our follow-up.It the third payments processor this year to admit a security lapse.
In January, Sen found another payments processor with an exposed database storing 6.7 million records.
Earlier this month, another researcher found two payment sites for paying court fines and utilities also left a cache of data exposed for several months.Mendlowitz said the company was informing between 15 and 20 merchants, and that the company has engaged an unnamed forensic auditor to understand the scope of the security lapse.A payments provider for paying court fines and utility bills exposed years of transactions





Unlimited Portal Access + Monthly Magazine - 12 issues


Contribute US to Start Broadcasting - It's Voluntary!


ADVERTISE


Merchandise (Peace Series)

 


Apple fans rushing for ₤ 35 iPhone 16 Pro Max as Sky uses payday deal


'I visited Chinese city which is like sci-fi movie with robots and noiseless trains'


Top Tech: Amazon's best early Prime Day deals including Ring, Tefal and Nespresso


Brits now 'obsessed' with health tracking and say it's key to motivation


Virgin Media is distributing complimentary wise TVs in surprise seven-day sale


O2 confirms UK network switch off and the exact date your phone might quit working


Samsung and Google have a new Android competitor that's like Nothing you've seen before


'Spectacular' Samsung Galaxy S25 Ultra gets £10 a month price cut


Sky users given 48-hour cost alert and your costs could increase tomorrow


Never ever miss your favourite television series when on vacation with basic travel hack


Amazon may offer big reason to ditch your Fire TV Stick next week and try something new


Samsung and Google smartphone deals consist of free earbuds and smartwatches


Everyone using Google Chrome must restart their browser now - don't ignore new alert


iPhone users surprised after finding 'concealed' hack to organise home screen


Sky dishes out brand-new iPhone 16 at 'lowest ever' rate, not surprising that it's offering fast


Argos shoppers can get a free 40-inch Hisense TV by doing one thing


Immediate alert for everyone with a Gmail account - do not overlook 6 important brand-new rules


BBC iPlayer is rivalling Sky TV with a vital free upgrade - check your settings now