Paysafe admits 7.8m accounts hacked in 2009-2010

Paysafe admits 7.8m accounts hacked in 2009-2010

British mobile payments company Paysafe has come clean about the cyber-attacks it suffered five years ago, admitting that more than seven million accounts were compromised.

Paysafe admits 7.8m accounts hacked in 2009-2010Formerly known as Optimal Payments Plc, Paysafe, in a statement released to the London Stock Exchange on Monday, revealed details about the cyber-attacks that happened to Neteller and Skrill in 2009 and 2010.

The Neteller database was hacked in 2009 through as hackers exploited a vulnerability in its Joomla content management system. Hackers were able to access 3.6 million accounts. Moneybookers, now Skrill, saw its virtual private network (VPN) hacked in 2010, giving hackers access to 4.2 million accounts.

Paysafe, which was unaware of the breaches at that time, stated that 1,500 customers had their accounts compromised following the 2009–2010 cyber-attack and the company immediately took action to restore these accounts and reimburse the affected customers.

The company added that less than 2% of the accounts hit by the hack were active in the 6 months ending November 1, 2015 and that only “limited” information was taken. The information didn’t include “passwords, card data or bank account information.” No similar breaches have happened since the attacks, according to the company.

“The Group’s executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago. The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats,” said the company.

Paysafe’s shares fell 18% when it confirmed at the end of October that a small number of details were in the public domain.

Australian security expert Troy Hunt told Forbes that he uploaded the 7.8 million records to his Have I Been Pwned website, where users can check if their details were affected by the attacks.