BreachExchange mailing list archives

fringe: RBS Wordpay Hacked - can anyone confirm data loss?


From: security curmudgeon <jericho () attrition org>
Date: Sat, 12 Sep 2009 17:35:04 +0000 (UTC)


[And so we start the he said / she said game. Why does this feel like
  after months of pressure, RBS may admit "could have been compromised" or
  alter the wording significantly away from "nothing bad happened"?
  Second link has screenshots of the attack.]

http://www.theregister.co.uk/2009/09/11/rbs_worldpay_security_snafu/

RBS WorldPay downplays database hack reports
'No access to either merchant or cardholder accounts'
By John Leyden

Updated RBS WorldPay and a hacker are at loggerheads over the seriousness 
of a supposed breach on websites run by the payment processing firm.

Security shortcomings - since blocked - on RBS WorldPay website exposed 
confidential information, including admin passwords and the contact 
details of partners, according to blog posts by Romanian hacker Unu.

The grey-hat hacker previously exposed similar problems on the websites of 
the UK parliament and HSBC France, among many others. As before he 
published screenshots to back up his latest claims.

[..]


http://unu1234567.baywords.com/2009/09/10/rbs-wordpay-hacked-full-database-acces/

RBS WordPay hacked, full database acces

I DID AN UPDATE
RBS WorldPay is a business operated by The Royal Bank of Scotland Group. RBS 
WorldPay processes millions of payments every day, for every type of 
business: securely and quickly. Online, face-to-face and over the phone, 
our customers can accept every major card as well as bank transfers, 
direct debits and a wide range of local cards. Online payments. Accept 
credit and debit card payments over the internet. WorldPay says on its 
page. Quickly? Maybe. Securely? Not really. A vulnerable parameter allows 
full access to databases on the server. It has many databases. I made 2 
print screens to see almost everything:

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
