CCAvenue, one of the largest online payment gateways in India, has been compromised by a hacker who goes by the name d3hydr8.
According to HackerRegiment, the website was compromised by exploiting a SQL injection vulnerability, and all the admin passwords, which were apparently stored in plain text, have been leaked in a report. The report includes a list of databases, information on the tables within those databases, and screenshots of the admin passwords of the CCAvenue portal.
Furthermore, HackerRegiment added that it has reported the issue to CERT India (Indian Computer Emergency Response Team) and is anticipating corrective action to be taken before the information becomes public through other channels.
Vishwas Patel, CEO of Avenues India, which runs CCAvenue, initially wasn’t sure of the damage and said he’d respond after they’ve looked into how significant the breach was. He added, however, that they didn’t store any credit card details or any other payment details.
In a quote to Medianama, he said:
“From our side, we’ll have to look into it. It is not possible, because of the kind of application level firewalls that we have put up. We don’t store credit card numbers or any other kind of payment details because of the Payment Card Industry Data Security Standards, and there is no credit card or payment related info on our servers. There are new standards that have come in, that is PCI DSS 2.0, which are more stringent than the earlier standards, and we have just completed the assessment under that last week.”
“More than 85-90% of our transactions are netbanking and non-credit cards related transactions. Those transactions go through the bank server, where the end customer enters usernames and passwords, and we don’t store those. They are entered on the bank servers. There is no payment related info on our servers. CCAvenue is just a redirector in this case.”
Later, he rebuffed the report, saying it is mischievous slander against CCAvenue. He said the leaked screenshot is not of their current database, since it quotes the server type as Apache/2.2.14 and they shifted to Apache/2.2.17 five months ago.
He also said they had stored all the passwords encrypted and not in plain text as before, although users on Twitter are telling a different story.
More to follow. Stay tuned for updates.