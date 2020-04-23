PAAY Database Exposure – Expert Commentary

196 0
Dot Your Expert Comments
Facebook Twitter WhatsApp Google LinkedIn Email

Paay, a New York-based card payments processor, left about 2.5 million credit card transactions publicly exposed for roughly three weeks. The organization forgot to put password protection on the server, allowing anyone to access the data inside. Specifically, the housed data contains plaintext credit card numbers, expiration dates, the amount spent and partially masked copies of each credit card number – cardholder names, CVVs were not included.

EXPERTS COMMENTS
Robert Prigge, CEO,  Jumio
April 23, 2020
The timing of this breach also couldn’t be worse for victims as storefronts are closed amid the global health pandemic.
PAAY offers a service as a third-party middleman between two banks by providing an additional security layer for the transactions, but unfortunately leaves all records exposed without passwords and vulnerable to attacks. It's important for banks of all sizes only rely on vendors and third parties that are PCI compliant and come equipped with the necessary security and certifications to keep custom ....
[Read More >>]
Chris DeRamus , Co-founder & CTO,  DivvyCloud
April 23, 2020
Companies need to realize that without a holistic approach to security, they open themselves up to undue risk.
According to Paay’s CEO, they spun up and subsequently misconfigured an instance leaving their database of 2.5 million card transaction records exposed to the public without a password. Unfortunately, Paay’s misconfiguration is quite common and we’ve grown used to seeing these data exposures pop up in headlines every couple of weeks. Companies need to realize that without a holistic approach ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :


In this article