May 03, 2022

PayHere suffered a 65GB data breach in April! Featured

Details have emerged that Sri Lankan payment gateway - PayHere has suffered a 65GB data breach after being hacked on April 01.

After the breach, the service went offline for 36 hours before coming back online.

According to, 65GB data with 1.5M unique email addresses had been breached. Data had included IP and physical addresses, names, phone numbers, purchase histories and partial card data.


HIBP is a well known free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

No full card numbers compromised - PayHere
In a blog post, 'PayHere' has stated although the attack had resulted in a 'reputational damage' to them, they have 'ensured that no financial damage happened' to their merchants or customers due to the attack. They have also emphasised that no full card numbers have been compromised during the attack.

They have also noted that the Cyber Crime Investigation Division (CCID) of Sri Lanka Police is currently investigating this cyber crime incident to identify culprits and updates will be published on their blog.