ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Regpack Data Breach

bluesnap.com
Limited exposure
Verified breach
Accounts exposed 104,977
Breach date 20 May 2016
Added to tracker 13 Sep 2016
Data classes 9

What happened

In July 2016, a tweet was posted with a link to an alleged data breach of BlueSnap, a global payment gateway and merchant account provider. The data contained 324k payment records across 105k unique email addresses and included personal attributes such as name, home address and phone number. The data was verified with multiple Have I Been Pwned subscribers who confirmed it also contained valid transactions, partial credit card numbers, expiry dates and CVVs. A downstream consumer of BlueSnap services known as Regpack was subsequently identified as the source of the data after they identified human error had left the transactions exposed on a publicly facing server. A full investigation of the data and statement by Regpack is detailed in the post titled Someone just lost 324k payment records, complete with CVVs.

Exposed data

Browser user agent details Credit card CVV Email addresses IP addresses Names Partial credit card data Phone numbers Physical addresses Purchases

Recommended actions

  • Watch for targeted phishing emails referencing Regpack โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP