Home GDPR #Privacy: More than 2.5 million credit card transactions exposed
GDPR - October 29, 2019

#Privacy: More than 2.5 million credit card transactions exposed

A database containing one of the largest collections of credit card numbers has been discovered.

Security Discover researcher, Jeremiah Fowler, had initially discovered a database in February 2019, belonging to the Nigerian based Electronic Settlements Limited.

Electronic Settlements Limited is the parent company of CashEnvoy, PayPad and many more companies.  

The database contained over 8 million records and after the company had been notified by Fowler, they acted fast and closed public access. However, when the company was asked whether they had notified their users, merchants, or partners, the company simply stopped responding. 

“We did not publish our discovery at that time as a professional courtesy and because of how concerned they appeared to be before they ignored all communication and went silent,” said Fowler. 

On October 17, a second database containing 2.59 million credit and debit card transaction data was discovered. 

“This is one of the largest collections of credit card numbers I have ever seen and the worst part was that only a small portion of the actual number was encrypted.”

The second database was set to open and therefore was publicly accessible for anyone to view, edit, download, or even delete data without administrative credentials. In addition, IP addresses, Ports, Pathways, and storage information was discovered – all of which can be exploited by threat actors to access deeper into the network. 

“Technology companies even in emerging markets must do more to protect the data they collect and store on their users and partners.” 

The worst part of this whole incident is that Electronic Settlements Limited already had a wake up call which they clearly ignored. 

“User data is valuable no matter where you are from or who you are and this discovery highlights the need for organizations to put the same focus on data security as they do on profits are revenue.”

It remains unknown if Electronic Settlements Limited has notified the relevant authorities, or impacted users.

The post #Privacy: More than 2.5 million credit card transactions exposed appeared first on PrivSec Report.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

CISA believes SolarWinds attack could have been prevented with simple countermeasures

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency…