PayHere

Have I Been PwnedConfirmed breachAdded May 2, 2022Occurred March 27, 20221,580,249 accountspayhere.lkAll PayHere breaches →

What was exposed

Email addressesIP addressesNamesPartial credit card dataPhone numbersPhysical addressesPurchases

What to do if you were affected

Watch your card and bank statements for unfamiliar charges, and consider requesting a new card number.
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
Watch for text-message phishing and SIM-swap attempts on your phone number.
Be wary of targeted scams that use your personal details to sound convincing.

Details

In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident .

Frequently asked questions

What is the PayHere data breach?

When did the data breach happen?

This data breach occurred around March 2022.

How many accounts were affected?

Around 1,580,249 accounts were affected.

What information was exposed?

Exposed data included Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses and Purchases.

What should I do if I was affected?

Watch your card and bank statements for unfamiliar charges, and consider requesting a new card number. Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Watch for text-message phishing and SIM-swap attempts on your phone number. Be wary of targeted scams that use your personal details to sound convincing.

View on source ↗

Related breaches