324K Regpack users' info compromised when decrypted files placed on public-facing server
Independent Security Researcher Troy Hunt spotted a database containing the information of nearly 324,000 Regpack accounts.
How many victims? 324,380 users
What type of information? First and last names, email IDs, physical addresses and contact information, IP addresses, and the last four digits of Credit Card numbers were all potentially compromised in the breach.
What happened? A couple months ago, independent researcher Troy Hunt spotted a now deleted tweet from @0x2Taylor linking to a database containing the information of 324,380 BlueSnap users, including 105,000 unique email addresses. The database contained information on transactions conducted between March 10, 2014, and May 20, 2016. Hunt said it's likely that either BlueSnap or Regpack, a firm that offers registration services, lost the data. In a statement BlueSnap initially denied Hunt's claims that their customers' data had been breached, he said, but later said an investigation revealed the data was leaked as the result of human error caused by decrypted files stored on a public-facing Regpack server.
What was the response? Regpack is notifying the vendors whose customers were affected.
Quote: “We have changed our approach to handling this data and are confident that this one-time mistake will not occur again,” BlueSnap and Regpack said in a joint statement to Hunt.