From the QIWI-Purse Rosuznika took half a million rubles

UPDATE: Money back, details below.



From the QIWI-Wallet of the charitable project “Rosuznik”, the attackers removed almost half a million rubles, or more precisely, 483 thousand.



The account password was changed by intercepting an SMS message with a code to change the password. This should not have a significant impact on the performance of the project, the amount, according to the employees, is about 5% of the total revenue, most of the work goes with other payment systems. QIWI-wallet was convenient for residents of the regions, work with it will continue after the analysis of this story.

')

Source of

Unfortunately, we have very bad news. We were robbed for a large amount - almost half a million. Today, at around 4:00 pm, we began to receive successive SMS messages with a code for changing the Qiwi-wallet password. At first glance, there was nothing suspicious about this: the login for entering Qiwi coincides with the wallet number (and the associated phone number), so anyone can click these “Forgotten?” Links to send such SMS to account holders. Despite this, we immediately sent a message to the Qiwi security service:



QIWI Wallet Number: 79175905631



Contact E-mail: *** @ ***



Message: I draw your attention that today I started receiving a flurry of SMS messages with a temporary password to change the main password to my wallet.



A few minutes later the last SMS came: "Your temporary password is such and such." It became clear that the matter was serious, so we immediately dialed Qiwi support service with the requirement to block the account until it was clarified.



We tried to log in to Qiwi on our own - the password was no longer working. We reset the password, inserted the staff SIM card into the phone (previously it was forwarded to redirect phone calls and SMS on the duty staff), and then everything became clear. The SIM card did not show signs of life - apparently, the attackers somehow made a copy of the SIM card (reissued it), requested a new password for the wallet on it, logged in and instantly withdrew all the money. Qiwi security service responded to it in a few hours in response to the second letter.



Tomorrow (today) we file a complaint with the police on the fact of embezzlement of funds, we will seek to initiate a criminal case, our lawyer Dmitry Dubrovin began to work.

There is clearly a lack of protection of the service and non-operational security service. It is also interesting how the interception of the SIM card or SMS messages was performed.

As far as I understand, it will be easy to track the attacker and roll back the transaction, this is not a cryptocurrency, all QIWI operations go through real banks.



It will be interesting to me to follow further developments, especially since I myself have a QIWI wallet, through which I sometimes make money transfer operations that are essential for me. I want to understand how it happened, and insure myself against such actions, as well as a little popping security service to increase the degree of protection.



UPDATE: Money back, details below.

Plus half a million rubles

The situation with donations on the QIWI account, which was accessed by the attackers, was resolved in a positive way due to the excellent work of the QIWI support service. All money is returned to our account, which will now be provided with additional protection, precluding the repetition of such situations. We made sure that the QIWI wallet is a safe way to collect donations, we will continue to use it.



Our yesterday's conjectures about how we were “opened” were confirmed: illegal receipt of duplicate SIM cards. We will not talk for more details about the actions of the intruders, as well as about the moments that they were not allowed to bring to the end.



RosUznik thanks the QIWI group and all those who continue to support us, who have not turned away from us in difficult times. Thanks you!