• SloppyPuppy@lemmy.world
    link
    fedilink
    arrow-up
    99
    arrow-down
    3
    ·
    edit-2
    1 year ago

    I worked for an online payment company you all know. Many eployees have access to the main DB which holds all transactions and names and everything in clear text. You could basically find out all PII (personal identification information) of any celebrity you wanted given they had anaccount. Address, phone number, credit card and all. If you knew a bit of SQL you could basically find whoever person you wanted and get purchase history and all.

    Cant say I didnt use this to find stuff about my exes or various celebrities.

    • _ak@lemmy.world
      link
      fedilink
      arrow-up
      28
      ·
      1 year ago

      Address, phone number, credit card and all.

      Oh wow. As someone who used to work in Fintech and who built a PCI-DSS compliant system got it successfully certified, it would be a shame if somebody reported that company for violations that could get them to lose their PCI-DSS certification. I mean, do they just bribe their PCI-DSS auditor to overlook this, or have they just managed to hide this blatant issue so far?

      • SloppyPuppy@lemmy.world
        link
        fedilink
        arrow-up
        12
        ·
        1 year ago

        Its been about 10 years ago I wasnt a pci expert then as i am now. My understanding today is that the db was probably pci compliant. But access to it was pretty promiscuous.

    • ramjambamalam@lemmy.ca
      link
      fedilink
      arrow-up
      22
      arrow-down
      1
      ·
      1 year ago

      Cant say I didnt use this to find stuff about my exes

      And I can’t say that doesn’t sound creepy at all…

    • bloubz@lemmygrad.ml
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      1 year ago

      I want this to be paypal. Can you expose this publicly and make this company bankrupt + closed by justice?

        • easterner@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          Definitely not worth your professional career to leak that. Weren’t there coworkers that called this out though? I can’t imagine a single competent dev not freaking out immediately after discovering that.

    • /home/pineapplelover@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      The moment I got my CC I knew everything that I bought with it would be basically public. I also knew that one day my information would be sold by the data brokers. I’ve settled with the first fact but I am trying to stop the second one from happening. You guys have any advice? I’m a bit worried that the data removal companies will store info and upload them again so I will keep paying for their services. I have considered doing it myself but it’ hella time consuming.

      • SloppyPuppy@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        Not a chance. I might be in trouble if I expose this. As a data engineer integrity is very important. But trust me you know the company.