Quote:
They have payment processors. The payment processors store most of the credit card number and billing address. Like how Gmail stores their email. They can log in and look up transactions.
That is a crock of shit ... VISA Net rules prohibit processors from doing just this and processors are PCI-DSS audited at least once per year. Any processor or any sponsored member processor would be Level 1 PCI-DSS and Network Scanned and PCI-DSS Security Audited and Validated quarterly.
Merchant PCI DSS Compliance & What Is PCI Compliance? | Visa USA
The emails were kept in plain text by Ashley Madison along with the customer/member profile data apparently. This was an XSS SQL injection most likely and the databases were not encrypted properly.
See:
https://dev.mysql.com/doc/refman/5.5...functions.html