Technology

A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet.

The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions.

But because there was no password on the server, anyone could access the data inside.

Security researcher Anurag Sen found the database. He told TechCrunch that he estimates there are about 2.5 million card transaction records in the database. After TechCrunch contacted the company on his behalf, the database was pulled offline.

&On April 3, we spun up a new instance on a service we are currently in the process of deprecating,& said Paay co-founder Yitz Mendlowitz. &An error was made that left that database exposed without a password.&

Two records from the exposed database. TechCrunch has blacked out the full credit card number in the record to prevent fraud.

The database contained daily records of card transactions dating back to September 1, 2019 from a number of merchants. TechCrunch reviewed a portion of the data. Each transaction contained the full plaintext credit card number, expiry date and the amount spent. The records also contained a partially masked copy of each credit card number. The data did not include cardholder names or card verification values, making it more difficult to use the credit card for fraud.

Mendlowitz disputed the findings. &We don&t store card numbers, as we have no use for them.& TechCrunch sent him a portion of the data showing card numbers in plaintext, but he did not respond to our follow-up.

Itthe third payments processor this year to admit a security lapse. In January, Sen found another payments processor with an exposed database storing 6.7 million records. Earlier this month, another researcher found two payment sites for paying court fines and utilities also left a cache of data exposed for several months.

Mendlowitz said the company was informing between 15 and 20 merchants, and that the company has engaged an unnamed forensic auditor to understand the scope of the security lapse.

AWS today launched Amazon AppFlow, a new integration service that makes it easier for developers to transfer data between AWS and SaaS applications like Google Analytics, Marketo, Salesforce, ServiceNow, Slack, Snowflake and Zendesk. Like similar services, including Microsoft AzurePower Automate, for example, developers can trigger these flows based on specific events, at pre-set times or on-demand.

Unlike some of its competitors, though, AWS is positioning this service more as a data transfer service than a way to automate workflows and while the data flow can be bi-directional, AWSannouncement focuses mostly on moving data from SaaS applications to other AWS services for further analysis. For this, AppFlow also includes a number of tools for transforming the data as it moves through the service.

&Developers spend huge amounts of time writing custom integrations so they can pass data between SaaS applications and AWS services so that it can be analysed; these can be expensive and can often take months to complete,& said AWS principal advocate Martin Beeby in todayannouncement. &If data requirements change, then costly and complicated modifications have to be made to the integrations. Companies that don&t have the luxury of engineering resources might find themselves manually importing and exporting data from applications, which is time-consuming, risks data leakage, and has the potential to introduce human error.&

Every flow (which AWS defines as a call to a source application to transfer data to a destination) costs $0.001 per run, though, in typical AWS fashion, therealso cost associated with data processing (starting at 0.02 per GB).

&Our customers tell us that they love having the ability to store, process, and analyze their data in AWS. They also use a variety of third-party SaaS applications, and they tell us that it can be difficult to manage the flow of data between AWS and these applications,& said Kurt Kufeld, Vice President, AWS. &Amazon AppFlow provides an intuitive and easy way for customers to combine data from AWS and SaaS applications without moving it across the public Internet. With Amazon AppFlow, our customers bring together and manage petabytes, even exabytes, of data spread across all of their applications & all without having to develop custom connectors or manage underlying API and network connectivity.&

At this point, the number of supported services remains comparatively low, with only 14 possible sources and four destinations (Amazon Redshift and S3, as well as Salesforce and Snowflake). Sometimes, depending on the source you select, the only possible destination is AmazonS3 storage service.

Over time, the number of integrations will surely increase, but for now, it feels like therestill quite a bit more work to do for the AppFlow team to expand the list of supported services.

AWS has long left this market to competitors, even though it has tools like AWS Step Functions for building serverless workflows across AWS services and EventBridge for connections applications. Interestingly, EventBridge currently supports a far wider range of third-party sources, but as the name implies, its focus is more on triggering events in AWS than moving data between applications.

Since first uploading a YouTube teaser video of its tech five years ago, Magic Leap presence in the augmented reality industry has been controversial.

Some have lauded the teamambitions, while others I&ve talked to say the companyposturing has dissuaded investors from taking chances on other AR hardware startups, which has hampered the industryadvance.

Regardless of its impact, Magic Leap carries outsized weight, leading one to question what would happen to other AR companies if the companysituation worsened.

The company announced layoffs today, with reports indicating that it is dismissing around 1,000 employees — about half of the company. Magic Leapadded news of a major pivot to enterprise makes it seem like that wasn&t its primary strategy over the past year. From my perspective, the company looks like it is on a path to a fire sale and will be dependent on executing a dramatic turnaround, which grows tougher under current economic conditions.

Magic Leap has few users, so a theoretical shutdown would likely have a lesser impact than other unicorn flare-outs; still, losing a company on the forefront of a technology lauded by many as the next ubiquitous platform will certainly impact others that are striving to bring this tech to market.

The impact for startups moving forward would be nuanced. Without a substantial software suite of its own, Magic Leap relied heavily on developer partnerships, though in recent months many of those seemed to promote enterprise use cases. AR/VR startups are already in a rough position, and one less developer platform could force more companies to de-prioritize headset-based platforms and shift their focus to mobile.

China-based electric car startup Byton has furloughed about half of the 450 employees who work at its North American headquarters in Santa Clara, Calif., putting the release date of the automakerupcoming M-Byte vehicle into question.

Byton told TechCrunch the furloughs were the result of the COVID-19 pandemic. The intention is to bring these furloughed employees back, the company said without providing a timeline.

&Given the impact of the pandemic on the global economy and the auto industries we, like several companies, have had to take action to face the challenge,& a Byton spokesperson wrote in an email to TechCrunch. &The furloughs have affected all areas within BytonU.S. operations. Employees in China have not been furloughed.&

Electrek was the first to report the furloughs.

The furloughs come as the company is preparing to bring its M-Byte electric SUV into volume production later this year. The vehicle, perhaps best known for its massive 48-inch wraparound digital dashboard, will be produced at Bytonfactory in Nanjing, China. The M-Byte will be sold in China, the U.S. and Europe.

Byton previously said sales will begin in China in the second half of 2020, followed by the U.S. The vehicle will come to the first European markets in the first half of 2021. However, the COVID-19 pandemic — and the ensuing furloughs and cuts — could delay Bytontimeline.

Byton told TechCrunch it is evaluating the impact of COVID-19 on production of the M-Byte. BytonChina factory reopened in mid-February and is now nearly fully operational, according to the company.

Byton has raised about $820 million from investors that include the companyfounding team,FAW Group, Nanjing Qiningfeng New Energy Industry Investment Fund and CATL.

The startup has been working to close a Series C round of fundraising for months now. The company told TechCrunch it is in the &final stage& of the round, which will include investors FAW Group and the industrial investment fund of Nanjing municipal government, Myoung Shin Co. of South Korea, MS Autotech and Japanese enterprise Marubeni Corporation .