The operator of smartphone payment service PayPay said Monday that a server containing information on all 2.6 million stores using the service has been hacked.

There is a possibility that some 20.07 million items of information such as store names and bank accounts may have been compromised, but there are no traces of malicious use of such data, PayPay Corp. said.

The fraudulently accessed server did not contain information on individual users.

The PayPay operator, which is an affiliate of SoftBank Corp., said that there were flaws in settings regarding access authorization for the information.

The server also contained information such as the names of store representatives, the history of the operator’s interactions with the stores and contact information for PayPay employees.

The hack originated in Brazil and occurred Nov. 28.

The service operator was notified of the fraudulent access Tuesday by an affiliated firm, and took preventive measures.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.