Hacker Hits RBS WorldPay Systems Database
Romanian hacker says he discovered a SQL injection flaw on a WorldPay application, but RBS says no merchant or cardholder data was compromised
By Kelly Jackson Higgins | DarkReading
A Romanian hacker well-known for discovering SQL injection vulnerabilities in high-profile Websites has struck again -- this time on RBS WorldPay's site, where he says he hit the jackpot, the company's database.Continue Dark Reading
The hacker, who goes by "Unu," says he accessed RBS WorldPay's database via a SQL injection flaw in one of its Web applications. RBS WorldPay maintains Unu accessed a test database that didn't carry any live data, and that no merchant or cardholder data accounts were compromised. The company has since taken down the pages.
Unu says the company's response to his email warning of the vulnerability, as well as other security problems, was "unprofessional" and "confused."
Bonus Coverage!
RBS WorldPay downplays database hack reports
Updated RBS WorldPay and a hacker are at loggerheads over the seriousness of a supposed breach on websites run by the payment processing firm.Security shortcomings - since blocked - on RBS WorldPay website exposed confidential information, including admin passwords and the contact details of partners, according to blog posts by Romanian hacker Unu.
RBS WorldPay initially responded to our inquiries by saying that the reported SQL injection attacks mounted by Unu were thrown against test websites. All the dummy data involved was fictitious and in no way confidential, so there was no breach...
Editor's Note: You may or may not remember that RBS WorldPay previously had 1.5 million cards hacked. Here's a refresher provided by DataLossdb.com
1.5 million credit card records compromised via hack | |
Records | 1,500,000 |
---|---|
Record Types | CCN SSN |
Breach Type | Hack |
Source | Unknown |
Organization | RBS Worldpay |
Other Organizations | None |
Lawsuit? | YES |
Data Recovered? | NO/UNKNOWN |
Arrest? | NO/UNKNOWN |
Submitted By: | securityninja |
TIMELINE
Date | Event |
---|---|
2008-11-10 | Incident Occured |
None. Add Data | Incident Discovered By Organization |
2008-12-23 | Organization Reports Incident |
2008-12-23 | Organization Mails Notifications |
None. Add Data | Records Recovered |
2009-02-18 | Lawsuit Filed |
None. Add Data | Arrest Made |
SIMILAR INCIDENTS
records | date | organizations |
---|---|---|
206,000 | 2005-12-28 | Marriott International |
679 | 2007-05-29 | Mytreo.net |
55,000 | 2006-01-08 | Kerzner International Bahamas Limited, Atlantis |
0 comments