- 1468801640156 - 320,000 Financial Records Apparently Stolen From Payment Processor,leaked online

More than 320,000 have been leaked, and while the information appears to have been either from processor BlueSnap or its customer Regpack, neither of them admit suffering a data breach.

BlueSnap is a payment payment which allows websites to take payments from customers by offering merchant facilities, whereas RegPack is a global enrollment platform that uses BlueSnap to process the financial transactions for its enrollments.

Australian security expert Troy Hunt, the owner of the Have I Been Pwned breach notification service, has analyzed the data and, after reaching out to some of the impacted individuals, he determined that the leaked records are most likely genuine. The compromised information includes names, physical addresses, email addresses, IP addresses, numbers, invoices containing purchase details, the last four digits of credit card numbers, and even CVV codes.1468801640156  - 1468801640156 300x169 - 320,000 Financial Records Apparently Stolen From Payment Processor,leaked online

As Hunt has highlighted, despite the fact that full card data has not been leaked, the compromised information is still highly valuable for cybercriminals, particularly the CVVs, which can be used to conduct card-not-present transactions, and the last four digits of credit cards, which is considered identity verification data and which can be very useful for social engineering attacks.

Although the payment data does not contain full credit card numbers, as Hunt stressed, cyber criminals can still misuse the compromised information, particularly the CVV codes that are highly valuable payment data, which can be used to conduct “card not present” transactions.

Also, the last four digit of any user’s credit card number can also be used for identity verification that’s very useful in conducting social engineering attacks.

Hunt contacted BlueSnap as well as Regpack, but they both denied suffering a data breach. He has also loaded as many as 105,000 email addresses into Have I Been Pwned, so you can search for your address on the site to check whether you are impacted by the breach.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here