Millions Of Moneybookers and Neteller Accounts Hacked By Cyber Criminals

Sunday, August 14th, 2016

Optimal Payments, owner of payment processing and e-wallet solutions such as Moneybookers (now Skrill), Neteller, Meritus, Netbanx and Global Merchant Advisors, has acknowledged that Moneybookers and Neteller suffered a major data breach in 2009 and 2010. The issue came to light when an anonymous source sent copies of data stolen from these two sites to Troy Hunt, the owner of haveibeenpwned.com, and to Thomas Fox-Brewster, a reporter with Forbes. Troy and Thomas then launched an independent investigation and concluded that the details contained in the stolen databases were legitimate. They subsequently contacted Optimal, after which the company was forced to admit that its subsidiaries had suffered a data breach over 5 years ago.

Skrill and Neteller are popular payment processors that handle transactions worth millions of dollars every day and are especially popular among online gamblers. Because of the sheer number of users and the amount of money changing hands daily, the two are also frequently targeted by cyber criminals. The source who sent the information to Troy and Thomas said that the account details stolen from these two payment processors were being sold on the “dark web” for a whopping $20,000 in 2011 and 2012.

According to Troy and Thomas, the database dump contains details of about 4.5 million Moneybookers accounts and 3.6 million Neteller accounts. They also revealed that the databases contained extremely sensitive details such as dates of birth, email addresses, physical addresses and telephone numbers of users, which means the data could be used for a range of criminal activities including identity theft. What’s worse, the Neteller data dump even contained answers to password hint questions, so anyone with access to it could easily compromise the accounts of hundreds of thousands of Neteller users.

Optimal said that the Neteller accounts were compromised by exploiting a flaw in the Joomla CMS (content management system). The company also said that while the hackers were able to gain control over the compromised server, no financial information was stolen, since the server did not contain those details. As for Moneybookers, the attackers were able to infiltrate its system via a compromised VPN account. Although the hackers got access to a server containing Moneybookers userid and password details, the information itself was encrypted, which means that it was of no use to the attackers.

While Optimal has admitted to the data breach, it denies that account details of millions of users were compromised. The company also said it has launched its own investigation following the details provided by Troy and Thomas. Optimal has also expressed confidence that the stolen details have never actually been used by the criminals in the real world. The matter has also been referred to the Financial Conduct Authority and the Information Commissioner’s Office, which look after financial frauds and data security respectively.

The case is a good example of how hackers can infiltrate and steal user accounts from even the most secure systems. It also shows that accounts stolen years ago can continue to cause security scares over a long period of time.
