Security Update from Pay It Now

Written By Daniel Rawiri

We have identified that a small number of Pay It Now customers may have had their online credentials, such as email addresses and passwords used on other platforms, compromised outside of the PIN Network. These compromised credentials may then have been used in attempts to access customer accounts.

These instances appear to be isolated and limited to a small handful of users.

We understand how concerning this is, and it is genuinely unfortunate for those who may have been affected. In some cases, this may have resulted in unauthorized account access, which we take extremely seriously.

Importantly, Pay It Now’s systems, network, and customer data remain secure. We have found no evidence of any compromise to our platform.

What We Understand So Far

Based on our monitoring and investigation, these incidents are most consistent with a broader issue where login credentials, such as email addresses and passwords, have been exposed through data breaches on third party platforms.

While we cannot confirm the exact source in every case, this appears to be the most likely cause based on the patterns we are seeing. In some situations, users may not be aware their details have previously been exposed.

Where credentials have been reused across multiple services, or where passwords are easily guessed, this can create an opportunity for unauthorized access across a range of platforms.

Unfortunately, this type of activity is not uncommon and is not limited to just Pay It Now customers. Anyone with an online presence could be at risk

As an example, in 2025 Cybernews reported that approximately 16 billion login credentials were exposed through infostealer related data leaks, highlighting the scale and ongoing nature of global data exposure.

Steps We Have Taken

As soon as this activity was identified, we acted immediately to further protect our customers and the wider network. This included locking down certain system functions where required, manually reviewing transactions leaving the network, increasing monitoring across account activity, and strengthening internal security and detection controls.

As always, our priority remains the safety and protection of customer funds.

Encouragingly, these actions have already helped protect multiple customers from further harm.

Protecting Your Account

Data breaches and credential leaks remain an ongoing issue across the internet. If your email address or password has been exposed in the past, even on an unrelated platform, it can increase the risk of unauthorized access across other services where the same or similar credentials are being used.

We are taking this opportunity to encourage all users to review and strengthen their account security.:

• Use a strong, unique password for your PIN account
• Avoid reusing passwords across multiple platforms
• Enable Two Factor Authentication (2FA)
• Monitor your transaction and account activity for anything unusual

We also recommend reviewing other platforms you may use, including websites, social media accounts, and apps, to ensure your login details remain secure.

As an added step, you can check whether your email address has been exposed using the New Zealand National Cyber Security Centre tool at https://www.howexposedami.co.nz/ and review additional guidance via Netsafe at https://netsafe.org.nz/online-safety-at-home/keeping-accounts-safe-with-online-security

Ongoing Security Enhancements

Your security is important to us, and we appreciate your patience as we continue to strengthen the PIN Network.

While the root cause of these incidents sits outside of the PIN Network, we are focused on doing everything we can to protect our customers within our environment. As a proactive step, we are actively developing and rolling out additional security measures, including added safeguards designed to help prevent unauthorized access and transactions.

As part of these enhancements, certain security features that were previously optional will now be enforced as mandatory.

You may have already noticed additional authentication steps within the app, such as 2FA and verification code checks. While these may feel inconvenient at times, they are being introduced with one priority in mind: protecting your account and your funds. We are continuing to refine these processes to ensure they remain as seamless as possible.

We appreciate your support and understanding as we continue to strengthen our systems and maintain the PIN Network as a safe and secure platform.

If you notice any unusual login or account activity, please change your password immediately and contact our support team if you have any questions or need assistance.

We remain focused on staying ahead of emerging threats and continuously improving the security of the PIN Network.

Pay It Now Team

Important: The Pay It Now team will never ask for your PIN Network App password, 2FA codes, or credit card details - including any numbers from your Web3 Mastercard® Please be aware that the information provided here is for educational and informational purposes only and should not be considered as financial or investment advice.

Daniel Rawiri

Head of Marketing and Merchant services at Pay It Now

https://payitnow.io
Next

Keeping Your PIN Network Account Secure: A Simple Guide to 2FA