Online Transaction Company Payza’s Blog Hacked by Madleets
A Pakistan-based hacker collective going by the handle MadLeets hacked the official blog of the U.S.-based online transaction company Payza a couple of hours ago. The webpage, www.blog.payza.com, which was showing a defacement message left by Madleets, has since been taken down by Payza's webmasters.
Payza
Payza (formerly AlertPay) is an Internet payment system similar to PayPal. It allows users to transfer money between accounts using email addresses, for a fee. Payza is particularly popular amongst its users because it allows Bitcoin transfers in addition to other world currencies.
According to Hackread, the attack involved two members of the Madleets team, MindCracker and H3ll D, who said in conversation with Hackread that they had access to the usernames, emails and passwords of Payza users. In the meantime, Madleets member MindCracker also announced the hack on the group's official web forum and on Twitter:
Payza Hacked By MindCracker https://t.co/buULPJyLgh https://t.co/f4pl9oJ4YP pic.twitter.com/8cnGdL20Rp
— MindCracker (@MindCrackerKhan) December 19, 2014
The deface page, which has since been taken down, showed a message from Madleets along with a screenshot showing clear-text passwords of registered Payza users.
MindCracker has noted that Madleets hacked the Payza blog primarily to bring the vulnerabilities in the website to the Payza admins' notice, and that they did not plan to leak the user details. In reply to a Twitter user's query, Payza tweeted that the user details of the Payza blog are not connected to the financial vertical of Payza:
@UKAnonWorldWide The Payza blog is a separate environment from the Payza platform, no sensitive info has been compromised
— Payza (@Payzaofficial) December 19, 2014
Payza’s response
However, Techworm contacted Payza to ask whether the credentials shown on the deface page were associated with Payza and had been leaked, and why another subdomain, dev.payza.com/, was down. Payza replied that their initial investigation shows that the alleged credentials are not associated with any of Payza's financial services, but that the investigation is still ongoing, and that the sites are currently down for maintenance:
@abhishekmdb no, but it was necessary to perform maintenance there as well. Everything should be back to normal shortly
— Payza (@Payzaofficial) December 19, 2014
@abhishekmdb Our current investigation shows that they are not related to any Payza credentials at all, but investigations are still ongoing
— Payza (@Payzaofficial) December 19, 2014
We are awaiting further updates from Payza.