• Join BOO - V I P Channel (Private) - Daily Update! +50k File Shared Already
    1 MONTH Plan = 259$ — 6 MONTH Plan = 499$ — LIFE TIME Plan = 999$    [Contact on Telegram]
Sri Lankan Payment Gateway PayHere (65GB of payment records)

boo

Administrator
booCash
16,417
[Image: payhere.png]


In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.

Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases



Sample:
`COLLECTION_ID` int(11) NOT NULL AUTO_INCREMENT,
`TRANSACTION_ID` int(11) DEFAULT NULL,
`ACCOUNT_ID` int(11) DEFAULT NULL,
`ACQUIRER_ID` int(11) NOT NULL DEFAULT '1',
`PAYMENT_METHOD` tinyint(4) DEFAULT '-1',
`CARD_NUMBER` varchar(20) DEFAULT NULL,
`AUTH_CODE` varchar(40) DEFAULT NULL,
`GROSS_PAYMENT` bigint(20) DEFAULT '0',
`PROCESSOR_FEE` bigint(20) DEFAULT '0',
`EXCHANGE_FEE` bigint(20) NOT NULL DEFAULT '0',
`COLLECTED_AMOUNT` bigint(20) DEFAULT '0',
`BALANCE` bigint(20) DEFAULT '0',
`REF_NO` varchar(20) DEFAULT NULL,
`COLLECTION_STATEMENT_ID` int(11) DEFAULT NULL,
`DATE` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`SETTLED_AMOUNT` bigint(20) DEFAULT '0',
PRIMARY KEY (`COLLECTION_ID`),
KEY `fk_COLLECTION_1_idx` (`ACCOUNT_ID`),
KEY `fk_COLLECTION_2_idx` (`TRANSACTION_ID`),
KEY `COLLECTION_ACQUIRER_ACQUIRER_ID_fk` (`ACQUIRER_ID`),
CONSTRAINT `COLLECTION_ACQUIRER_ACQUIRER_ID_fk` FOREIGN KEY (`ACQUIRER_ID`) REFERENCES `ACQUIRER` (`ACQUIRER_ID`)
) ENGINE=InnoDB AUTO_INCREMENT=7621474 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `COLLECTION`
--

LOCK TABLES `COLLECTION` WRITE;
/*!40000 ALTER TABLE `COLLECTION` DISABLE KEYS */;
INSERT INTO `COLLECTION` VALUES (1,1,67,1,3,'',NULL,10000,200,0,9800,9800,NULL,NULL,'2018-02-23 03:38:35',9800),(2,2,1,1,0,'421689******8506','861847',132500,3445,0,129055,138855,'3070323__2018-Feb-27',2
and:
`ORDER_ID` int(11) NOT NULL,
`FIRST_NAME` varchar(100) NOT NULL,
`LAST_NAME` varchar(100) DEFAULT NULL,
`EMAIL` varchar(100) DEFAULT NULL,
`ADDRESS` varchar(500) DEFAULT NULL,
`CITY` varchar(45) DEFAULT NULL,
`COUNTRY` varchar(45) DEFAULT NULL,
`PHONE` varchar(30) DEFAULT NULL,
`DELIVERY_ADDRESS` varchar(500) DEFAULT NULL,
`DELIVERY_CITY` varchar(50) DEFAULT NULL,
`DELIVERY_COUNTRY` varchar(50) DEFAULT NULL,
`CUSTOMER_IP` varchar(200) DEFAULT NULL,
`REFERER` varchar(1000) DEFAULT NULL,
PRIMARY KEY (`ORDER_ID`),
KEY `fk_CUSTOMER_TEMP_ORDER1_idx` (`ORDER_ID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Used to temporary store the customer data until a confirmed payment is occured';
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `CUSTOMER_TEMP`
--

LOCK TABLES `CUSTOMER_TEMP` WRITE;
/*!40000 ALTER TABLE `CUSTOMER_TEMP` DISABLE KEYS */;
INSERT INTO `CUSTOMER_TEMP` VALUES (1,'Dhanika','Perera','dhanika@bhasha.lk','742/1/1, Galle Road','Kalutara','','0774919139','742/1/1, Galle Road','Kalutara','','127.0.0.1',NULL),(2,'Dhanika','Perera','dhanika@bhasha.lk','742/1/1, Galle Road','Kalutara','','0774919139','742/1/1, Galle Road','Kalutara','','127.0.0.1',NULL),(3,'Chamika','Weerasinghe','chamikaw@gmail.com','867/A, Siriwardena Road','Ragama','','719258238','867/A, Siriwardena Road','Ragama','','127.0.0.1',NULL),(4,'Dhanika','Perera','dhanika@bhasha.lk','742/1/1, Galle Road','Kalutara','','342040600','742/1/1, Galle Road','Kalutara','','127.0.0.1',NULL),
 
You must log in or register to reply here.
Back
Top