KUALA LUMPUR – Point-of-sale (POS) software service provider StoreHub has moved to allay concerns among its users over a potential data breach, reassuring them that the security of their personal information remains a priority.
In a statement to The Vibes, the technology firm said it understood the severity of the recent user data vulnerability incident and the potential panic it may have caused.
It is now working with an independent cybersecurity agency to verify and prevent any other future vulnerability.
“We would like to reassure our users that we take the security of our users’ data very seriously and as such, we will continuously work to enhance our data security whilst addressing any and all possible related concerns.”
StoreHub added that its internal team will continue to work closely with external experts in ensuring the full and thorough protection of its users’ data.
Yesterday, The Vibes reported that the data of thousands of affected business premises and their staff, along with some one million of the customers, may have been potentially compromised in the latest of a series of major breaches in the country in recent years.
This is according to Safety Detectives, a publishing group of cybersecurity experts, privacy researchers, and technical product reviewers, who identified the potential data leak to StoreHub, a company headquartered in Petaling Jaya offering the POS software service mostly used in eateries and retail stores.
Based on the report by Safety Detectives, the supposed leak, which was first discovered on January 12, involved over 1.7 billion individual records and over one terabyte of data.
It noted that some of the customers’ personally identifiable information that may have been leaked include their full names, phone numbers, home addresses, and emails, as well as data related to the payments made, such as transaction dates and items ordered.
Separately, it said among the leaked details from the businesses include the employees’ names, their check-in and check-out times from work, the store’s name, address, and email.
According to Safety Detectives, the exposed data was stored on the software provider’s Amazon Web Service (AWS) Elasticsearch server that was neither encrypted nor password-protected.
StoreHub said it was made aware of the vulnerability on February 3 upon being notified by AWS and had swiftly patched and rectified the issue within 24 hours, ensuring that no sensitive or private data were maliciously downloaded by bad actors.
“The investigation also revealed that no sensitive financial data or passwords were contained in the vulnerability. As an extra precautionary measure, StoreHub ensured that no tokens within the dataset could be used to login into a merchant’s account,” it said. – The Vibes, June 17, 2022
.jpeg)
.jpg)
