PayMyTab, a mobile payments provider, exposed the data of thousands of customers for 16 months after failing to follow security protocols on Amazon Web Services (AWS). Data exposed in the privacy breach includes personally-identifying information of customers who had requested a receipt from their dining experience be emailed or texted to them. Anyone in the S3 bucket database could view customer information like customer name, email address, and phone number as well as what the customer had eaten, at what restaurant, and the time and date of the visit.
The data breach was presented by vpnMentor in late October, and although PayMyTab can take measures to secure data, the previously exposed customer information could result in individual attacks against these clients. VpnMentor stated that PayMyTab will need a complete overhaul of data storage to resolve the issue, and that a hacker who access the information could have already downloaded the files.
Read More: PayMyTab Exposes Data of US Restaurant Goers