Online Payment Platform Payza's Blog Hacked, Users Credentials May Have Been Compromised

Online Transaction Company Payza’ Blog Hacked by Madleets

A Pakistan based hackers collective going by the handle of MadLeets hacked official blog of the U.S based online transaction company Payza couple of hours ago. The webpage, www.blog.payza.com which was showing defaced message left by Madleets has since been taken down by Payza webmasters.

Payza

Payza (formerly AlertPay) is an Internet payment system similar to Paypal. It allows users to transfer money between accounts by using email addresses for a fee.  Payza is particularly popular amongst its users because it allows Bitcoin transfers in addition to other world currencies.

According to Hackread, the hack attack involved two members of Madleets team, MindCracker and H3ll D who in conversation with Hackeread said that they had access to usernames, emails and passwords of Payza users.  In the meantime Madleets member, MindCracker also announced the hack on their official web forum and Twitter

 Our current investigation shows that they are not related to any Payza credentials at all, but investigations are still ongoing

The deface page which has since been taken down showed a message for Madleets along with screenshot showing clear-text passwords of registered Payza users.

 Our current investigation shows that they are not related to any Payza credentials at all, but investigations are still ongoing

MindCracker has noted that Madleets hacking of Payza blog was primarily to bring the vulnerabilities in the website to Payza admin’s notice and they did not plan to leak the user details.  Payza has tweeted that the user details of Payza blog are not connected to the financial vertical of Payza. in reply to a tweeter’s query.

Payza’s response

However Techworm contacted Payza to know if the credentials shown in the deface page were associated with them was leaked and why one another subdomain dev.payza.com/ was down. payza replied that  there initial investigation shows that the alleged credentials are not associated with any of the Payza’s financial service, but investigation is still going on and these are currently down to perform maintenance

We are awaiting further updates from Payza.

LEAVE A REPLY

Please enter your comment!
Please enter your name here