These 70 000 cards were compromised on payment gateway Railways

Another sad news from the world of Heartbleed, which became known yesterday.





These cards, which were used to purchase the tickets online Railways have been compromised for the simple reason that the vulnerability was closed Heartbleed it only one week later (15.04.2013) i>. All this time, unknown attackers can steal with impunity data from the site, using the acclaimed vulnerability.

To draw attention to the problem and to motivate the user to reissue their cards by unknown hackers created website sos-rzd.com , which is laid out for the dump Billing on April 14th. Total number of records 10532, suggesting that the approximately 70 thousand cards compromised a week since the vulnerability. The authors call for some reason the figure of 200 thousand.

In this situation looks strange reaction of the Railways and VTB24. They completely deny vulnerability and accuse a phishing site activity

Here's a comment from the press service of VTB 24 with RBC

«any attacks on the payment gateway through which to purchase tickets online www.rzd.ru , was not. Gateway protected the latest version of the standard payment card data security. All customers transacting through it, guaranteed absolute security payments, "- said RBC spokesman of the credit institution. Source RBC bank is sure: the site is created for visitors to leave him there evidence of their cards. Blockquote>
However, this statement is untrue. Vulnerability to the site Railways was about this author wrote in the topic What threatens Heartbleed simple user? , He confirms that the vulnerability has been discovered them exactly VTB 24 and the gateway is online Railways.

Another comment from the press service

If you look closely at the site, it is in itself raises many questions: instead of the names used by the numbers, abbreviations, meet Russian or partial names, which can not be in the case of bank cards. It seems that it's just a fake. Blockquote>
Also very strange statement. The vulnerability allows to get data from the server's memory, respectively, if the user has entered an incorrect or incomplete data, they will be the same and in the dump. However, the data confirm the authenticity of the majority of the users. For example, Alexei Kopylov, one of the directors of the company Flexis, confirms that its data is in the list and leads photo card + screenshot of an electronic ticket.



 

Also indirectly confirms the authenticity of the data Viktor Lysenko, CEO Roketbanka, promising reissue all cards from the list.

Not converge well and phishing activities. The site offers a check, only 10 of the 16 digits of the card number. And for particularly distrustful allows you to download a database file to check locally.

Moreover, it seems that the site is running against the media campaign. Such large sites like RBC, SecurityLab, JustMedia and others not understand the issue, take a position and VTB24 called phishing site.

Sadly, large Russian companies, instead recognize the problem and take action together to solve it, pretend that nothing happened, in parallel, trying to muzzle indifferent IT professionals.

Source: habrahabr.ru/post/219691/