Severe security incident in the payment app “Paybox” – Privacy Protection Authority: “Stick to recommendations”


Discount Bank this morning (Wednesday) reported to the Privacy Protection Authority about a serious information security incident in the PayBox payment app. Accordingly, the Paybox team announced that due to the malfunction, partial user information including the last 4 digits of the credit card was leaked as well as additional information, but this would not cause them any financial damage.

The application users have been sent an update message regarding the failure, which states: “As a safeguard and for security reasons, at the next login to the app we will ask you to enter a phone number and a one-time password will be sent to you via SMS.

We are very sorry for the incident and do everything to deserve your trust. We are committed to extracting the lessons learned to prevent such a case from happening again. We invite you to contact the PayBox hotline for any questions. ”

Due to such cases, the Privacy Protection Authority recently launched a campaign aimed at all sectors of the economy, with the aim of raising public awareness of the duty to comply with the provisions of the Privacy Protection Regulations, and in particular the duty of reporting in cases of serious information security events.

The Authority issued a recommendation to the public that encourages vigilance: “You must be alert to any fraudulent attempt involving a request for personal information (such as an e-mail requesting the customer to provide his or her personal information or clicking on a link directing him to the website impersonating the service provider).

Recall that companies that provide such services (such as banks, etc.) do not request this information via email or SMS message. The authority recommends that customers change their personal password in the Paybox app and if it is a password used by other digital services as well – consider changing the password as well In the other services. ”

Amir Carmi, technology manager at ESET, said in a leak: “This morning, the PayBox team posted that a malfunction leaked user information containing the last 4 digits of their credit card. After further review, they added that additional partial information leaked. , Such as the user alias, date of birth, in-app transfers, phone numbers, and more.

Unfortunately, information leaks are something that happens, it happens to small and large entities. These are sensitive data that unauthorized parties may try to exploit to their advantage by connecting some data, thus harming users’ privacy and possibly financial damage.

Although these are not full numbers of credit cards that have been leaked, you should always be in control of your bank transactions and note that all charges are correct, and it is even more important now and I recommend being on hand. ”

Source link


Please enter your comment!
Please enter your name here