Paysafe Group has confirmed that a hack of gambling payment providers Neteller and Skrill in 2009 and 20101 affected 4.5 million and 3.6 million customers respectively for each provider.
The databases contained personal information including answers to secret password recovery questions, addresses, telephone numbers and birth dates, the company said.
The hack was undetected and Paysafe Group has launched an investigation.
The company has since revised the figures saying to 3.6 million Neteller accounts and 4.2 million Skrill users were hacked in a London Stock Exchange announcement.
As detailed in a report by Forbes magazine, the Neteller attack exploited a vulnerability in the Joomla content management system. In the hack of Skrill, then called Moneybookers, a virtual private network designed to provide secure access to the firm’s network was hacked and a transaction database was accessed.
The company said only two per cent of affected customers or about 156,000 individual accounts were still active in the last six months. Paysafe added that it was “not aware of any similar breaches” since the attacks. The company said customers were being informed of the latest findings.
About 1,500 customers had their accounts compromised following the 2010 Neteller attack. All customers were reimbursed, Forbes reported.