Posted on November 20, 2019 at 7:39 PM
Highly confidential information and details of PayMyTab's clients have been leaked carelessly. This was the result of an issue with an AWS bucket, according to researchers looking into the issue.
Earlier in the week, a team of vpnMentor cybersecurity experts made the revelation. The team is led by Ran Locar and Noam Rotem, who clarified that very confidential Personally Identifiable Information (PII) and other financial details were all leaked on the Internet.
Setting off the Alarm
The experts got wind of the development through the presence of a compromised Amazon Web Services (AWS) S3 bucket. In it, PayMyTab was not able to make use of the security protocols. There was also a demand for authentication before access.
According to the unnamed person who raised the alarm and reached out to vpnMentor, the move was made so as to let the development be known. The person wanted the team to know of the security issue and also wanted other mobile payment providers to rethink their entire security platforms.
PayMyTab can be said to be ubiquitous as it is used in eateries, food joints, and various restaurants. It is used in the provision of client details to mobile and card terminals so that CRM and service improvement tasks can be executed.
The data that was leaked can be described as extensive. It included the names of the clients, email addresses, phone numbers, restaurant visit details and even information on what the client had ordered. The leak also included the location and time of the visits. That was not all: the leak also included the last four digits of the payment card of all the affected clients. It was clearly an extensive data breach, one that would worry any cybersecurity expert or analyst.
The experts reported that the exposure of the bucket in question was believed to have commenced on the 2nd of July 2018 and went on until November.
The precise quantity of data leaked as a result of the breach, and the number of customers affected, have not been made known. However, vpnMentor has an opinion on what this is likely to be. It says that tens of thousands of clients have been affected as a result of the breaches.
vpnMentor itself was notified of the data breach on the 18th of October. As for PayMyTab, it was notified on the 22nd of October and then again on the 27th of October. The experts explained that by virtue of their role as ethical hackers, they have to let the company know what the problems were.
They added that this was even more relevant when data breaches have to do with confidential details like the ones belonging to the customers. The ethical hackers made a point of the responsibility that they have towards the public. For that reason, they believed it was crucial that the users of PayMyTab be informed of the data breach when it happened and of the consequences that followed.
The experts are not new to this type of breach. They have come across similar cases in Ecuador where millions of citizens were affected. Databases of prominent hotel brands and data belonging to the United States government and armed forces have also been compromised before.
The same thing applies to private electronic mails exchanged between the manufacturers and enterprise clients. It is still not clear how PayMyTab is going to fully handle the issue. It has not released an official statement concerning the incident, but analysts believe the brand is going to put some robust strategies in place.