An enormous database storing millions of credit card transactions and details has been secured after spending close to three weeks exposed publicly to the internet.
The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the corporate verifies payments on behalf of selling merchants, like online stores and different businesses, to stop fraudulent transactions.
However, because there was no password on the server, anyone could access the information inside.
Security researcher Anurag Sen discovered the database. He said that he estimates there are about 2.5 million card transactions in the database.
The database contained daily records of card transactions dating back to last September from a number of merchants. Every transaction contained the full plaintext credit card number, expiry date, and the amount spent. The data also contained a partially masked copy of every credit card number. The information did not include cardholder names or card verification values, making it tougher to use the credit card for fraud.
It’s the third payment processor this year to admit a security breach. In January, Sen discovered another payment processor with an exposed database storing 6.7 million records.