[ad_1]
One 15 minutes A reader from Vilnius said that after announcing the leaked CityBee data on Monday, he did not pay much attention to this message at first.
Especially since there were many opinions in the public sphere that leaked data like the personal identification number, the driver’s license number, according to those experts, it will not do much. I basically believed it, ”the story began. 15 minutes reader.
However, the interviewee soon realized that the disclosure of personal data may not be a problem, but the biggest challenge is the clear email address and password.
On Tuesday afternoon, a message came to the email of the man saying that he had logged into his account of the digital entertainment network PlayStation Network from Iran, and he soon saw that an attempt was being made to charge more than 120 euros from the Revolut card. from the bank. linked to the account.
Scanpix Photo / PlayStation
An attempt was made to make a payment to your PlayStation Network account with this card, but was unable to do so due to insufficient funds on the card. After failing for the first time, there was soon a failed attempt to deduct a double amount of € 60.
“I only have this card for online purchases, I do not keep money on it, so I will link it to my accounts without fear of anything happening,” said the reader.
It was possible to log into the reader’s PlayStation Network account using an email that was shared with other CityBee customer data and a password.
Sigismund Gedvila / 15 minute photo / Citybee
The man thought that the programmers had been able to enter his PlayStation account by guessing the password: the leaked CityBee password was not the same, but was based on a similar principle, which, according to the interlocutor, could be guessed after several attempts .
Account access denied
A Vilnius resident said that when he noticed attempts to make purchases on his account, he blocked the Revolut card and changed the password, but the programmers stole it from the account.
You can connect to the PlayStation Network using an email and password, or two-step authentication, when you are also asked to enter a code received by another email or phone. This additional protection was not chosen by the Vilnius resident, but was installed by hacked programmers.
„Scanpix“ / „PA Wire“ / „Press Association Images“ nuotr./Programišiai
So the reader says that they no longer have access to their account and want to log in to remove their Revolut card.
“I use more authentication methods in Gmail and major social networks, but I would not have thought that at first glance insignificant sites would also need to change their password,” explained the reader why the password did not change after learning about the leak.
Now he claims to have realized that this is the developer’s strategy for connecting to Netflix, Spotify, and other accounts linked to payment cards.
“I understand that the objective of the programmers are accounts where they have a subscription and where a certain amount is discounted every month,” said the interlocutor.
I understand that the aim of the programmers is the accounts in which you have a subscription and in which a certain amount is charged each month.
By the way, people share stories on social media that foreign countries have connected to the accounts of their online music listening platform Spotify.
After the incident, the interviewee said that he had changed the master passwords of accounts with more sensitive information.
“I wanted to share this story to refute the views of the skeptics that what they fear here is that the data has been leaked; nothing important will happen to them. I do not agree with that point of view, because it can hit hard, they must take some steps. I’m lucky, but it may not reach anyone, because some people tie the main cards to their accounts, “warned the reader.
Meanwhile, another 15 minutes the reader claimed that an attempt had been made to break into his personal banking in Šiaulių bankas, but after several unsuccessful attempts, the connection was blocked.
“Now I have to go to the bank,” lamented the interlocutor.
IT expert: this is a troubling coincidence
Irmantas Bankauskas, a representative of IT company Baltic Amadeus and an information technology expert, believes these hacking stories may be related to leaked CityBee data.
„Baltic Amadeus“ nuotr./Irmantas Bankauskas
“The fact that people whose data has been leaked are being hacked into different accounts is a troubling coincidence and suggests that malicious people around the world are in a rush to take advantage of the latest black market data, in this case stolen from clients of CityBee.. “, – 15 minutes I. Bankauskas said.
According to him, the login / username on the most popular systems (e.g. Spotify, Playstation) is usually an email address, so after receiving this information, programmers already have half the data necessary to access.
“The other part is the password and here the basic psychology of the users works; it is convenient that they use the same password or a very similar password in different systems, because it is easy to remember. Even if the creation of a password for different systems changes part of the password, eg number, the decoding systems used by programmers will decipher that number very soon ”, thinks I.Bankauskas.
Instantly understand: how to create a password
- Misspelling: These words are more difficult for hackers to encrypt.
- Use different characters, capital letters, numbers.
- Code phrases you know, such as: “I like zeppelins”, can make a great password “M3GstUZ3P3LinuZ”
- Whenever possible, use a two-level authentication process.
- Do not use the same or similar password for private and work accounts.
According to him, knowing one password, another, similar, is not difficult to crack. This is done using the pattern method, which uses a single password to test various variations as a basis.
“So in principle logging into systems that are ‘locked’ only with an email address and password with stolen CityBee data is realistic. So I doubt the connection to the bank, there is one more system complicated, just email. Email will not be enough to know. But it all depends on the amount of personal data that the programmers have – the combination of email, phone and password and the equipment used by the programmers opens many doors “, he commented the expert, who urged the public whose information had been made public to change the passwords for all major accounts.
Banks do not notice anything suspicious
Meanwhile, banks say they have not noticed any suspicious signs yet.
“Cases of financial fraud occur periodically; at the moment, we do not realize that customers are more actively reporting fraud cases,” said Audrius Šapola, Director of the Prevention Department at SEB Bank, 15 minutes ago.
“We understand the concern of those residents who suspect their data has been leaked through a hack into Citybee’s customer database. However, we can assure you that we did not record any fraudster activation in this case, nor did we receive customer complaints about the damages suffered, which could be attributed to this case of data breach, ”says Saulius Abraškevičius, representative of Swedbank. .
Bank of Lithuania Photo / Jekaterina Govina
The Bank of Lithuania also doubted that malicious individuals could use the leaked CityBee data to commit financial crimes. On Tuesday, Jekaterina Govina, director of the Bank of Lithuania’s Financial Market Supervision Service, emphasized that the likelihood of scammers using the leaked data – taking consumer credit on behalf of others or paying for goods online – was low.
[ad_2]