Mackeeper Security Research Center helps prevent one of the largest leaks of Credit Card Data in 2016
[UPDATE]: This post has been updated to include statements on behalf of EasySupport.com
[UPD: Easysupport.com did respond to our primary email by sending an acknowledgment email on the same day we contacted them. However, the response was not visible in our email system.
The 180k entries are related to logs and should not be considered the number of customers we have. According to Easysupport.com the actual number of exposed customers is 5,500. Easysupport.com is planning an email to go out to notify all of them about the server vulnerability. They are also setting up a dedicated line for customers to speak to the quality assurance team.]
On Friday, Sept 16th the MacKeeper Cyber Security Research Center discovered an exposed MongoDB database that apparently belonged to the Canadian-based easysupport.com. According to their site, the company offers computer tech support, and it seems that one of their databases was misconfigured and publicly open for everyone to see.
The publicly accessible database named “easysupport_live” contained the folder "service_logs_merchant" and included several hundred thousand records (see screenshot attached). Most of the records (not all, thankfully, but many) included IP addresses, billing addresses, names and credit card information (CVV, credit card number, expiration month/year, etc.) in PLAIN text for US and international customers. No encryption was used, and anyone could have downloaded the personal information and credit card data directly from easysupport.com’s database. MacKeeper’s Security Team reached out to easysupport.com by email and phone as soon as the leak was discovered, but never received a response from the company. The database, however, was secured and no longer publicly visible 5 hours after notification.
According to the server data the database uptime was 1.13 days, while the IP itself was first indexed for public search on Sept 12th. It is still unknown how many people accessed it before the door was closed and it was secured. The consequences could have been even worse if the server had remained misconfigured for an extended period of time.
Storing credit card data in plain text and leaking that information online is in direct violation of the standards of the Payment Card Industry Security Standards Council (PCI SSC). The council, created by American Express, Discover, MasterCard, Visa, and JCB, requires a minimum standard of security protection to be implemented by all merchants and service providers that handle sensitive credit card data. The payment brands themselves enforce the PCI DSS standard for merchants and service providers, regardless of size. If your company stores, processes, or transmits any of the information recorded on a credit or debit card, then you must abide by the PCI DSS or face significant fines, card replacement costs, costly forensic audits, and more. As a Canadian-based company they would also be regulated by the Financial Consumer Agency of Canada, which likewise requires minimum security standards for payment data and transactions.
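The records described above (full card numbers and CVVs stored in plain text in a log collection) are exactly what a merchant's own data-discovery check should catch before the database is ever exposed; PCI DSS forbids retaining the CVV after authorization at all and requires the PAN to be rendered unreadable when stored. The following Python script is an added example written for this post, not code from MacKeeper or EasySupport: it walks a set of documents the way one would pull them from a collection like "service_logs_merchant", flags Luhn-valid card numbers and populated CVV-style fields, and reports the PAN masked to its last four digits. The records, field names and card numbers are constructed (the numbers are the standard test numbers, not real accounts).

```python
import re
from typing import Any, Dict, Iterable, List, Tuple

# Constructed sample documents standing in for a merchant log collection.
# The card numbers are well-known test numbers, not real accounts.
SAMPLE_RECORDS = [
    {"_id": 1, "name": "Alice Example", "ip": "203.0.113.7",
     "card_number": "4111111111111111", "cvv": "123", "exp": "09/19"},
    {"_id": 2, "name": "Bob Example", "ip": "198.51.100.23",
     "card_number": "4111 1111 1111 1112", "cvv": "", "exp": "01/20"},
    {"_id": 3, "name": "Carol Example", "note": "paid via token tok_abc123"},
    {"_id": 4, "name": "Dan Example",
     "payment": {"pan": "5555555555554444", "cvc2": "999"}},
]

# Candidate PANs: 13 to 19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Field names under which a card verification value commonly ends up stored
# (assumed names; extend for your own schema).
CVV_FIELD_RE = re.compile(r"^(cvv2?|cvc2?|cid|card_?verification)$", re.I)


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check; filters out most random digit runs such as IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, the form PCI DSS allows for display."""
    return "*" * (len(digits) - 4) + digits[-4:]


def _walk(doc: Any, path: str = "") -> Iterable[Tuple[str, Any]]:
    """Yield (dotted path, value) for every leaf in a nested document."""
    if isinstance(doc, dict):
        for key, value in doc.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    elif isinstance(doc, list):
        for i, value in enumerate(doc):
            yield from _walk(value, f"{path}[{i}]")
    else:
        yield path, doc


def scan_record(doc: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return findings for one document: stored CVVs and Luhn-valid PANs."""
    findings: List[Dict[str, str]] = []
    for path, value in _walk(doc):
        field = path.rsplit(".", 1)[-1]
        # A populated CVV field is a violation regardless of its content.
        if CVV_FIELD_RE.match(field) and str(value).strip():
            findings.append({"path": path, "kind": "cvv", "value": "***"})
        if isinstance(value, (str, int)):
            for match in PAN_RE.finditer(str(value)):
                digits = re.sub(r"[ -]", "", match.group(0))
                if luhn_valid(digits):
                    findings.append({"path": path, "kind": "pan",
                                     "value": mask_pan(digits)})
    return findings


def scan_collection(docs: Iterable[Dict[str, Any]]) -> Dict[Any, List[Dict[str, str]]]:
    """Map each offending document's _id to its findings; clean docs are omitted."""
    report: Dict[Any, List[Dict[str, str]]] = {}
    for doc in docs:
        hits = scan_record(doc)
        if hits:
            report[doc.get("_id")] = hits
    return report


if __name__ == "__main__":
    for doc_id, hits in scan_collection(SAMPLE_RECORDS).items():
        for hit in hits:
            print(f"_id={doc_id} {hit['kind']} at {hit['path']}: {hit['value']}")
```

Run against a live collection by replacing SAMPLE_RECORDS with a cursor over the documents; the report never contains a full card number, so it can be handed to the team responsible for remediation without itself becoming a second copy of the cardholder data. Record 2 in the sample produces no finding: its number fails the Luhn check and its CVV field is empty, which is the kind of false positive a plain digit-count regex would have flagged.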
Cyber security and protecting customer data are more important than ever, and it seems like every day there is a new hack or data leak affecting consumers around the world. With such a strong focus on security it is clear that every company must have a basic system in place to safely secure, transmit, or store sensitive customer data. A “hack” is very different from a “leak”: in a hack, outside actors gain access to the server or sensitive information, whereas a leak is usually an internal issue, a failure to properly secure or manage the database and the sensitive data stored in it.
There have been some massive data hacks in the last few years, such as eBay: 145 million records, Target: 70 million, and Adobe: 150 million breached records. However, this was potentially one of the largest leaks (not hacks!) of credit card data we have seen in 2016, with an estimated 180 thousand records leaked.
[UPD: According to Easysupport.com, the database was exposed to the public due to the migration of the CRM system to a new server and was vulnerable for roughly 9 hours.]
Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Research Center.
Do you have security tips or suggestions? Contact: firstname.lastname@example.org