Westpac’s PayID attacked, private details of 100K Australian bank customers leaked
Nearly 100,000 bank account holders in Australia have had their private details exposed in a cyber-attack on Westpac's PayID, a real-time payments platform that lets money be transferred instantly from one bank to another.
PayID lets anybody enter an e-mail address or mobile number to confirm the corresponding bank customer's name. This is potentially risky, because a threat actor who resorts to brute force can guess or validate a bank customer's existence.
The attack on Westpac, which also impacts customers of other banks, has prompted a warning from security specialists that the stolen data could be used to commit fraud. www.smh.com.au posted this, June 3, 2019.
While Westpac confirmed the attack, the company did not provide the number of Australians who have been impacted.
According to a Westpac spokesman, the company found that its PayID functionality had been misused, so it adopted extra preventive measures that didn't include shutting down any system. Consequently, there wasn't any compromise of customer bank accounts. After this, the company didn't find any more inappropriate activity, the spokesman said. www.smh.com.au posted this, June 3, 2019.
However, according to a leaked communication from Westpac to other financial services companies, which the Sydney Morning Herald published, the con artists were able to make 600,000 "lookups", which let them successfully find the names of 98,000 customers. www.businessinsider.com posted this, June 4, 2019.
Further examination uncovered that the attacks started on April 7, 2019. It's speculated that the attackers are based overseas. Analysis of the logins suggests they're in the USA.
Meanwhile, it's not clear who is responsible for pilfering the PayID data or what intention lies behind the theft.
NPP Australia, which operates the New Payments Platform that includes PayID, stated that it couldn't comment. Nevertheless, it stated that financial institutions participating in NPPA were required to take action to monitor the use of PayID for any unnatural transactions, while making sure clients and client applications didn't use PayID to harvest data for fraudulent purposes.
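The monitoring NPP Australia describes can be approximated by tracking, per client, how many distinct identifiers are resolved in a time window and how few of those lookups lead to a payment. The following is an added example, not code from Westpac, NPP Australia or the article; the event format, client names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed observation window
MAX_DISTINCT = 20               # assumed ceiling on distinct identifiers per window
MIN_CONVERSION = 0.05           # assumed floor: share of looked-up identifiers then paid

def detect_enumeration(events):
    """events: time-ordered (iso_timestamp, client_id, kind, identifier) tuples,
    kind being 'lookup' or 'payment'. Returns {client_id: first alert}."""
    recent = defaultdict(deque)  # client -> events still inside WINDOW
    alerts = {}
    for ts_raw, client, kind, ident in events:
        ts = datetime.fromisoformat(ts_raw)
        q = recent[client]
        q.append((ts, kind, ident))
        while ts - q[0][0] > WINDOW:  # expire events older than the window
            q.popleft()
        looked_up = {i for _, k, i in q if k == "lookup"}
        if client in alerts or len(looked_up) <= MAX_DISTINCT:
            continue
        paid = {i for _, k, i in q if k == "payment"}
        conversion = len(looked_up & paid) / len(looked_up)
        if conversion < MIN_CONVERSION:  # many names resolved, almost none paid
            alerts[client] = {"at": ts_raw, "distinct_lookups": len(looked_up),
                              "conversion": round(conversion, 3)}
    return alerts

def build_sample():
    """Constructed events for illustration; not data from the incident."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    for n in range(60):  # client-A: sequential mobile numbers, never pays
        t = base + timedelta(seconds=5 * n)
        events.append((t.isoformat(), "client-A", "lookup", f"04000000{n:02d}"))
    for n in range(30):  # client-B: bulk payer, every lookup followed by a payment
        t = base + timedelta(seconds=10 * n)
        ident = f"staff{n}@example.com"
        events.append((t.isoformat(), "client-B", "lookup", ident))
        events.append(((t + timedelta(seconds=2)).isoformat(), "client-B", "payment", ident))
    return sorted(events)

if __name__ == "__main__":
    for client, alert in detect_enumeration(build_sample()).items():
        print(client, alert)
```

Checking conversion as well as volume keeps a legitimate bulk payer (client-B) from being flagged while the lookup-only client trips the alert on its 21st distinct identifier.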
» SPAMfighter News - 6/5/2019