[BreachExchange] Cornerstone Payment Systems leaves database open, exposes 6.7M records

[Destry Winant]

https://www.scmagazine.com/home/security-news/cloud-security/cornerstone-payment-systems-leaves-database-open-exposes-6-7m-records/

Cornerstone Payment Systems, which processes payments for pro-life
groups, churches, ministries and other organizations with a similar
Christian bent, left a database unprotected, exposing 6.7 million
records from 2013 until the present.

Information housed by the database included names, email addresses and
physical addresses as well as card and merchant information,
expiration dates and the last four digits of cards used in payment,
according to a TechCrunch report. Transaction details, such as
merchants, type of payment, times and dates are also stored on the
database discovered by security researcher Anurag Sen.

Tustin, Calif.-based Cornerstone, which bills itself as “committed to
separating ourselves from the industry through a commitment to
Christ,” did not encrypt the database but seems to have used
tokenization, the report said.

“As enterprise infrastructures have become increasingly complex,
exposed or misconfigured cloud databases have emerged as the leading
cause of data leaks,” said Balaji Parimi, CEO, CloudKnox Security.
“These types of leaks have left thousands of gigabytes of sensitive
data exposed in recent years, and it’s not because malicious actors
are targeting that data: it’s because of simple but costly mistakes.”