In November 2015, it was revealed that two databases belonging to Money Bookers had been leaked. The leakage was reported to have affected around 3.6 million users. Several personal information belonging to users has leaked among them answers to secret password recovery questions, telephone numbers, addresses and birth dates. Fresh investigations were made by the owner of Money Bookers unaware that hackers had made away with so many data. The cyber breach had Money Bookers’ virtual private network (VPN) that has been designed to provide secure access to the firm’s network being hacked and the transactions database located. The hacker compromised the virtual private network account to gain access to the production database. Investigations revealed that specific records were to be transferred to the hacker though the attempts to grab the information failed. Investigators believe that the possibility of having successfully transferred the data by the attacker is little. Money Bookers did not, however, respond to the questions asking about their subsequent findings.
The company gave an official statement on the 29th of October after being asked by Troy Hunt, owner of the haveibeenpwned.com website and Thomas Fox-Brewster, who is a Forbes reporter. Hunt and Thomas had received databases from a third-party person that was never named. The third discovered the databases on the Dark Web. Hunt became aware of the incident after he was contacted by someone who offered him the 000webhost.com database. The database was then to be added to the HIBP service. After verification of the data bank, Hunt concluded that it was authentic 000webhost.com data. He later moved to inform the service about the issues. He did not get a response from the involved company which pushed him to disclose the incident on his blog. The intrusions were however reported to be minimal, and there was no data that was used for fraudulent purchases online.
Investigations carried out by the top four consultancies Deloitte found out that Money Bookers customers did not suffer any financial losses as a result of the breach. Though, it was not clear whether the breach was ‘material’ or not. The breach was not disclosed to Money Bookers’ customers immediately due to the apparent insignificance.
Money Bookers, now called Skrill, is well known as payment processors for online gambling sites. Due to they deal with lots of cash, it makes them vulnerable to cyber-attacks. Hackers are known for wanting to make quick money from at other people’s expense.
Digital shadows possessed records of Money Bookers back in 2010 on a night in Russia. It was reported that middlemen were used to sharing databases belonging to Money Bookers between two parties that were not named. No evidence to support these claims were provided. The informers said all they wanted was for the customers to be made aware of the breaches. They also reported that back in 2012, a user raised complaints concerning their account being hacked. Another user stated that they had been given an offer to buy a Money Booker’s database.
References
http://news.softpedia.com/news/000webhost-com-loses-data-for-all-13-customers-all-password-were-stored-in-plaintext495488.shtml
http://www.forbes.com/sites/thomsbrewster/2015/11/05/optimal-payments-hack-investigation/£35f6e8ae4f24