The personal information of thousands of PayMyTab customers’ have been exposed as a result of an open Amazon Web Services (AWS) S3 bucket.
Cybersecurity researchers at vpnMentor, Noam Rotem and Ran Locar, were alerted of the unsecured AWS S3 bucket on October 18, by Helen Foster, partner at Davis Wright Tremain. Foster had learnt of the leak from an anonymous source.
“The S3 bucket contained detailed information of any consumer at a restaurant utilizing PayMyTab, who had chosen to have their receipt emailed to them after a meal,” vpnMentor said. “By delivering their e-mail address, they could look at their receipt on the web from their email inbox.”
The personal data exposed included the following; personally identifiable information (PII), email address or mobile phone number, partial financial details, as well as the meal items ordered, and the date,time, location and name of the restaurant visited.
Customers who used PayMyTab between July 2, 2018 to early November this year – could have had their personal information exposed, thus leaving “10,000s of individuals susceptible to online fraud and attacks.”
vpnMentor first notified PayMyTab on October 22 and then again on October 27.
“This data breach represents a serious lapse in basic security protocol for PayMyTab. By exposing this database, they risked the privacy of customers in their client restaurants, the restaurants themselves, as well as PayMyTab’s entire business.
“The exposed customer PII makes those affected vulnerable to many forms of online attack and fraud,” wrote vpnMentor researchers.
The post #Privacy: Data leak exposes PayMyTab customers’ personal information appeared first on PrivSec Report.