A PayMyTab database was exposed, making customers' sensitive Personally Identifiable Information (PII) and partial financial details available online.
vpnMentor cybersecurity researchers, led by Noam Rotem and Ran Locar, disclosed the data leak, which was caused by an open AWS bucket.
The team was informed about the existence of an unsecured Amazon Web Services (AWS) S3 bucket, for which PayMyTab had failed to follow Amazon’s security protocols and to require authentication for access.
The anonymous person who notified vpnMentor about it did so in order to “raise awareness” of the security breach and encourage other mobile payment providers to consider security and data protection more seriously.
PayMyTab works with restaurants to provide mobile and card terminals, and it also collects customer data for the purposes of CRM and service improvement.
The leaked information includes customer names, email addresses, telephone numbers, order details, restaurant visit information (such as when and where), and the last four digits of customer payment card numbers.
The researchers claimed that the bucket was exposed from July 2, 2018, to November. The exact amount of data leaked and the number of affected customers are not known at present.
vpnMentor stated that the leak has left 10,000s of people vulnerable to online fraud and attacks. The researchers informed PayMyTab when they discovered the flaws in its online security. They also believe that they have a responsibility to the public and that PayMyTab users must be made aware of the data breach that has affected them.