Online payment company Paysafe has admitted that more than seven million of its user accounts were compromised five years ago. The breach, however, was limited and no crucial data such as credit card information was stolen.
The hack, which was first revealed on October 29 2015 has now been confirmed, but Paysafe has played the incident down, saying the accounts were mostly inactive, and no important data was taken.
"The illegally-obtained data in the hands of third parties relates to limited account details from 3.6m NETELLER accounts and basic personal details relating to 4.2m Skrill accounts,” it was said in a follow-up press release.
“Less than 2 per cent of those NETELLER and Skrill accounts were active in the six months to 1 November 2015. Such data does not include passwords, card data or bank account information.”
The Skrill hack happened before the company was acquired by Paysafe.
Paysafe became aware that around 1,500 customers subsequently had their accounts compromised following the 2010 cyber-attack, the company said. It “immediately took action” to restore these accounts and all customers were reimbursed. Paysafe added that it is not aware of any other remimbursal requests related to this incident since 2011.
“The Group's executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago. The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats.”