Yesterday, some of her researchers vpnMentor revealed that one a large number of staff data has leaked to Internet. Personal information belongs to customers by PayMyTab. The cause of the leak looks like it was one unprotected AWS bucket.
Researchers found that in addition to personal data, some leaked finances data of customers.
The person who informed vpnMentor about her leakage, did not give his name. But he said he did it to draw attention and to show that companies need to protect their databases and systems. Otherwise, anyone can get it access to them, as they are now.
PayMyTab collaborates with several restaurants to provide card payment terminals. These Appliances collect some customer data in order to improve services. However, this information leaked online.
The leaked data is: names, addresses e-mail, phone numbers, order information, restaurant visit information and last four digits of customer payment cards.
According to the researchers, the data were exposed from 2 July to 2018 until November of 2019. We do not yet know the exact number of data leaked but researchers estimate that they were affected approximately 10.000 customers.
The researchers was informed of the incident on 18 October and contacted PayMyTab twice, 22 and 27 October.
“As ethical hackers, we are obliged to update one company when we find out vulnerabilities", The researchers say. “This is especially true where data breach includes such personal information. However, this ethics also means that we are also responsible for the world. The users PayMyTab's need to be aware of data breach, as it affects many of them. ”
Researchers at vpnMentor have also discovered other personal databases information of Ecuador's millions of citizens, data from sites adults, US government and military information, company emails, and more.