Friday, 6 May 2011

CCAvenue denies hacking attack

Online commerce service provider, CCAvenue, has denied that its portal has been hacked.

Vishwas Patel, CEO,  CCAvenue told NDTVGadgets, "I confirm that the image posted by a hacker is a spoofed, self-created one and not that of our database and it has been created just to create panic and defame our company. We are in the process of filing a criminal complaint against the unknown hacker for the slander and malicious campaign run against our company."

Earlier today, we reported that a hacker claimed to have broken into CCAvenue by exploiting "SQL injection vulnerability".  The hacker, identifying himself as d3hydr8, submitted what he called a full disclosure of his attack on HackerRegiment.com. The "report" included what the hacker said were all the admin usernames and passwords of the CCAvenue portal.

In what was his first reaction on this,  Vishwas Patel said, "First and most [we] would like to say that this a slanderous campaign that is targeting CCAvenue. Based on our initial investigations by our security officials, we confirm that no hack has happened of our servers at 1515 hours on 04th May 2011 by the following person, as claimed in his article. We also confirm that  that the screenshot is not of our live database as the Apache version on live server is 2.2.17 (Updated more than 5 months ago) and not 2.2.14 (as claimed by the hacker). We also confirm that all the passwords of our merchants and all login credentials in our live database are encrypted and stored in our database and not in text format as claimed by the hacker."


He also assured that, "We don't store credit card details or Netbanking account details on our servers."

HackerRegiment has published the details submitted by the hacker but has maintained discretion by blurring the "passwords". The information published includes a list of databases, some information on tables within the databases, and screenshots of the administrator usernames and passwords.

HackerRegiment.com also claims to have reported the issue to CERT (Computer Emergency Response Team) India to help CCAvenue take corrective action before any information is released through any other media.

No comments:

Post a Comment

please poll if you like this site?