this post was submitted on 09 Jul 2023
1369 points (99.9% liked)

Ask Lemmy

27027 readers
786 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] SloppyPuppy@lemmy.world 98 points 1 year ago* (last edited 1 year ago) (6 children)

I worked for an online payment company you all know. Many eployees have access to the main DB which holds all transactions and names and everything in clear text. You could basically find out all PII (personal identification information) of any celebrity you wanted given they had anaccount. Address, phone number, credit card and all. If you knew a bit of SQL you could basically find whoever person you wanted and get purchase history and all.

Cant say I didnt use this to find stuff about my exes or various celebrities.

[–] _ak@lemmy.world 27 points 1 year ago (1 children)

Address, phone number, credit card and all.

Oh wow. As someone who used to work in Fintech and who built a PCI-DSS compliant system got it successfully certified, it would be a shame if somebody reported that company for violations that could get them to lose their PCI-DSS certification. I mean, do they just bribe their PCI-DSS auditor to overlook this, or have they just managed to hide this blatant issue so far?

[–] SloppyPuppy@lemmy.world 11 points 1 year ago

Its been about 10 years ago I wasnt a pci expert then as i am now. My understanding today is that the db was probably pci compliant. But access to it was pretty promiscuous.

[–] ramjambamalam@lemmy.ca 21 points 1 year ago

Cant say I didnt use this to find stuff about my exes

And I can't say that doesn't sound creepy at all...

[–] bloubz@lemmygrad.ml 10 points 1 year ago* (last edited 1 year ago) (1 children)

I want this to be paypal. Can you expose this publicly and make this company bankrupt + closed by justice?

[–] SloppyPuppy@lemmy.world 5 points 1 year ago* (last edited 1 year ago) (1 children)

Im afraid they have the means to expose / dox my username if they really wanted

[–] easterner@lemmy.world 6 points 1 year ago

Definitely not worth your professional career to leak that. Weren't there coworkers that called this out though? I can't imagine a single competent dev not freaking out immediately after discovering that.

[–] baduhai@sopuli.xyz 8 points 1 year ago (1 children)
[–] Astronautical@sh.itjust.works 2 points 1 year ago

Either Cashapp or PayPal I think

[–] pineapplelover@lemm.ee 7 points 1 year ago

The moment I got my CC I knew everything that I bought with it would be basically public. I also knew that one day my information would be sold by the data brokers. I've settled with the first fact but I am trying to stop the second one from happening. You guys have any advice? I'm a bit worried that the data removal companies will store info and upload them again so I will keep paying for their services. I have considered doing it myself but it' hella time consuming.

[–] Flax_vert@feddit.uk 1 points 2 months ago (1 children)
[–] SloppyPuppy@lemmy.world 1 points 2 months ago (1 children)

Not a chance. I might be in trouble if I expose this. As a data engineer integrity is very important. But trust me you know the company.

[–] Flax_vert@feddit.uk 1 points 2 months ago* (last edited 2 months ago)

If it's not paypal, deny it