PAAY is a card payments processor based in US, and it verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions.
TechCrunch was told that there were estimated about 2.5 million card transaction records in the database. PAAY said that an error was made that left that database exposed without a password. Moreover, the database contained daily records of card transactions dating back to 1 September 2019 from a number of merchants. Each transaction contained the full plaintext credit card number, expiry date, and the amount spent, as well as a partially masked copy of each credit card number. The data did not include cardholder names or card verification values, making it more difficult to use the credit card for fraud.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now