BreachExchange mailing list archives
Cornerstone Payment Systems leaves database open, exposes 6.7M records
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 30 Jan 2020 09:08:29 -0600
https://www.scmagazine.com/home/security-news/cloud-security/cornerstone-payment-systems-leaves-database-open-exposes-6-7m-records/ Cornerstone Payment Systems, which processes payments for pro-life groups, churches, ministries and other organizations with a similar Christian bent, left a database unprotected, exposing 6.7 million records from 2013 until the present. Information housed by the database included names, email addresses and physical addresses as well as card and merchant information, expiration dates and the last four digits of cards used in payment, according to a TechCrunch report. Transaction details, such as merchants, type of payment, times and dates are also stored on the database discovered by security researcher Anurag Sen. Tustin, Calif.-based Cornerstone, which bills itself as “committed to separating ourselves from the industry through a commitment to Christ,” did not encrypt the database but seems to have used tokenization, the report said. “As enterprise infrastructures have become increasingly complex, exposed or misconfigured cloud databases have emerged as the leading cause of data leaks,” said Balaji Parimi, CEO, CloudKnox Security. “These types of leaks have left thousands of gigabytes of sensitive data exposed in recent years, and it’s not because malicious actors are targeting that data: it’s because of simple but costly mistakes.” _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Cornerstone Payment Systems leaves database open, exposes 6.7M records Destry Winant (Jan 30)