More sad news from the world of Heartbleed became known yesterday.
The data of the cards used to buy tickets on the Russian Railways website was compromised for a simple reason: the Heartbleed vulnerability was only closed on the site
a week later (04/15/2013). All that time, unknown attackers could take advantage of the widely publicized vulnerability and steal data from the site with impunity.
To draw attention to the problem and to motivate users to re-issue their cards, unknown hackers created the site
sos-rzd.com, on which a dump of the billing data for April 14 was posted. The dump contains 10532 records, which suggests that roughly 70 thousand cards were compromised during the week the site remained vulnerable. The authors themselves, for some reason, cite a figure of 200 thousand.
In this situation, the reaction of Russian Railways and VTB24 itself seems strange. They flatly deny the vulnerability and accuse the site of phishing.
Here is a comment from the VTB24 press service, as published on the RBC website:
“There were no attacks on the payment gateway through which tickets are purchased on the website www.rzd.ru. The gateway is protected by the latest version of the payment card data security standard. All customers making transactions through it are guaranteed absolute security of payments,” a spokesman for the credit organization told RBC. RBC's source at the bank is sure that the site was created so that its visitors would leave their card details there.
However, this statement is not true. The Russian Railways site was vulnerable: the author of the topic
“What does an ordinary user face with Heartbleed?” wrote about it, and he confirms that the vulnerability was found both on the VTB24 gateway and on the Russian Railways site.
Another comment from the press service:
If you look closely at the site, it by itself raises many questions: instead of surnames, numbers and abbreviations are used, and there are Russian or incomplete names, which cannot be the case with bank cards. It looks like it's just a fake.
This is also a very strange statement. The vulnerability lets an attacker read data straight from server memory, so whatever a user typed into the form, including incomplete or incorrect data, ends up in the dump exactly as entered. Moreover, the authenticity of most of the data is confirmed by the users themselves. For example, Alexey Kopylov, one of the directors of Flexis, confirms that his data is on this list and
provides a photo of the card plus a screenshot of the electronic ticket.
The authenticity of the data is also indirectly confirmed by Viktor Lysenko, CEO of Rocketbank,
who promised to re-issue all the cards from the list.
The phishing accusation does not hold up either. The site asks for only 10 of the 16 digits of the card number to perform a check. For the especially distrustful, it also offers the database for download as a file so that the check can be done locally.
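As an added illustration of the local check described above (this is example code written for this article, not the sos-rzd.com tool or its data), the script below parses a constructed dump of masked card records and matches a card against it using only the first six and last four digits, so the full card number never leaves the user's machine. The semicolon-separated dump format, the first-6/last-4 masking and the sample records are all assumptions made for the example; the real dump's layout is not described on this page.

```python
import re

# Constructed sample dump (NOT real leaked data): masked PAN;name;timestamp.
# The masking scheme (first 6 digits, 6 asterisks, last 4 digits) is assumed.
SAMPLE_DUMP = """\
427655******1234;IVANOV I;2014-04-14 10:02
553691******9876;PETROV P;2014-04-14 10:05
427655******5555;SIDOROV S;2014-04-14 10:07
this line is malformed and must be skipped
"""

MASKED_RE = re.compile(r"^\d{6}\*{6}\d{4}$")


def luhn_valid(pan: str) -> bool:
    """Sanity-check a 16-digit card number with the Luhn checksum before matching."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) != 16:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Reduce a full card number to the first 6 + last 4 digits (the form the dump uses)."""
    digits = "".join(c for c in pan if c.isdigit())
    if len(digits) != 16:
        raise ValueError("expected a 16-digit card number")
    return digits[:6] + "******" + digits[-4:]


def parse_dump(text: str) -> list:
    """Parse the dump into records, silently skipping lines that do not fit the format."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) != 3 or not MASKED_RE.match(fields[0]):
            continue            # malformed line: ignore rather than crash
        records.append({"masked": fields[0], "name": fields[1], "when": fields[2]})
    return records


def find_matches(records: list, pan: str) -> list:
    """Return every dump record whose masked number equals the mask of the given card.

    Only 10 digits are compared, so a hit is a candidate (several cards can share
    the same first-6/last-4), but a miss means the card is definitely not listed.
    """
    mask = mask_pan(pan)
    return [r for r in records if r["masked"] == mask]


if __name__ == "__main__":
    records = parse_dump(SAMPLE_DUMP)
    card = "4276 5590 0000 1234"   # constructed, Luhn-valid test number
    print("Luhn ok:", luhn_valid(card))
    for hit in find_matches(records, card):
        print("candidate match:", hit)
```

Because the dump only carries 10 of the 16 digits, the script reports candidates rather than certainties; a user who sees a hit should compare the name and the ticket purchase time with their own records before deciding to re-issue the card.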
Moreover, a media campaign appears to have been launched against the site. Large outlets such as RBC, SecurityLab, JustMedia and others have adopted VTB24's position and call the site phishing without looking into the matter.
Sadly, instead of acknowledging the problem and working together to fix it, large Russian companies pretend that nothing happened, while trying to silence the concerned IT specialists.