Open AWS database leaks PayMyTab customers’ personal info

The personal records of PayMyTab customers have been left exposed online due to an unsecured Amazon data storage bucket.

According to cybersecurity company vpnMentor, the database was brought to its attention via Helen Foster, a partner at Davis Wright Tremain, who shared the findings exclusively with TNW.

PayMyTab — an at-table payment system — is a mobile app and device that enables diners to settle their checks using their secure EMV chip-enabled credit card. It also enables guests to split the bill and pay it, tip included, directly from their own phones.

The leaked personal information included the following details:

  • Customer’s name
  • Email address or cell telephone number
  • Last 4 digits of the payment card number
  • The meal items ordered
  • The date, time, location, and the name of the restaurant visited

vpnMentor said it was alerted to the data leak on October 18, after which the researchers reached out to PayMyTab and Amazon to plug the security lapse on November 5.

Credit: vpnMentor