Sign Up arrow_upward


Хакеры атаковали владельцев "Кукурузы"

Около сотни владельцев карт "Кукуруза" пострадали в результате хакерской атаки. Злоумышленники разжились доступом к логинам и паролям от мобильного и интернет-банка, подключили Apple Pay и вывели средства, пишет "Коммерсант". Общая сумма ущерба могла составить несколько миллионов рублей.

Жалобы владельцев "Кукурузы" о хищении у них средств стали появляться на сайте начиная со 2 мая. Жертвы атаки получили СМС, что их карта подключена к Apple Pay, сразу после этого были выведены деньги на номер Теле2. Пострадавшие утверждают, что причин хищения две - утечка логинов и паролей, а также возможность подключения в мобильном приложении "Кукурузы" Apple Pay без подтверждения операции СМС или пуш-уведомлением - никто из владельцев карты их не получал.

При атаке применялся метод "смежного взлома" - был атакован сервис, где были данные об обладателях карт, говорит источник, знакомый с ходом расследования инцидента. По его данным, часть паролей совпала и удалось совершить вход, часть была просто похожа и злоумышленникам взлом не удался.

Основные обстоятельства атаки были установлены 6 мая, отмечают в объединенной компании "Связной/Евросеть", которая и предлагает своим клиентам данные мультифункциональные бонусные платежные карты. Были ужесточены параметры мониторинга, начался сброс паролей клиентов, которые были скомпрометированы, была введена обязательная двухфакторная аутентификация на подключение Apple Pay.

Похищенные средства удалось остановить, всем пострадавшим они были возвращены, говорит СЕО компании Александр Малис. В "Связной/Евросеть" сообщают о похищении около 2 млн рублей.

По данным эмитента карты РНКО "Платежный центр", был взломан один из социальных сервисов, не связанный с "Кукурузой", далее злоумышленники проверяли - не совпадает ли логин и пароль на сервисе с логином и паролем в мобильном или интернет-банке. Взломанный сервис до установления всех фактов атаки не называется.

To mention another user in a comment, enter the @ sign

You can mention other users if you follow them or if they took part in a discussion

To mention a security in comments, enter its ticker after the ^ sign

Recent blog comments

Silver Surfer

For 10 years, our managers successfully manage the portfolio of SilverSurfer trend strategy on the Russian stock market.

Blog Rules and Liability Limit

Tradernet’s social network gives its members an opportunity to communicate with each other and debate on economic questions or market events. Anyone who follows our Blog Rules can take part in the debate.


1. Registration

1.1 By singing up for a new account, you agree to the policy and terms of Tradernet’s website.

1.2 A nickname (profile name) is chosen by a user. It is better to avoid nicknames matching the ones already existing on Tradernet social network.

1.3 an Avatar is a small image displayed in your posts and blogs. Selected by the user himself. The avatar can be changed depending on the desire and mood, but with its frequent change there is a risk of «getting lost», because other users get used to your virtual face.

1.4 it is strictly forbidden to use in the name, nickname, avatar, rude or obscene expressions, content in any manifestations of debauchery, violence, advertising text or political orientation.

1.5 All materials published on this website (including user messages), reflect only the views of their authors, website administration does not give any warranties, express or implied, that they are full useful or truthful. You can use them at your own risk. Website administration is not responsible for any direct or indirect damage caused to you as a result of the use (or non-use) of these materials, loss of profits, loss of information and more. The administration of the website is not responsible for the content of advertisements placed on the pages of the website, as well as materials that can point links from the materials located in the Forum.

2. Communication in blogs

2.1 Each user has the right to blog.

2.2 Any user has the right to comment on any post on Tradernet social network.

2.3 the author of the blog should strive to ensure that the blogs are not only interesting to the community, but also exclusive to Runet.

2.4 When publishing posts, users are welcome to use hash tags to increase the number of readers and followers.

3. Ways to get banned

3.1 it is unacceptable to use on the resource rude expressions, insults, insulting national or religious feelings, advertising in any form. To resolve personal matters, use private messages.

3.2 It is strictly prohibited to send other users public or private messages containing direct and serious attacks on any category of users, moderators or administrators based on their race ethnicity, national origin, religion, sex, gender, sexual orientation, disability or disease. To solve any problems, users can send personal messages to moderators. It is forbidden to make administrators’ and moderators’ messages public.

3.3 A large number of grammar errors can get user’s posts deleted from the public feed.

3.4 Violation of rules is punishable by a 7 days ban. Subsequent violations may force the administration to extend this period indefinitely.

4. Website administration

4.1 the Administration proposes to build the relationship between users, and between the users and the administration in a friendly and respectful manner. A healthy sense of humor is welcome.

4.2 Administration is ready to consider any proposals to improve the work of the resource. Publish your ideas in the General feed with the tag «Innovation».

4.3 The website administration reserves the right to go beyond the scope of the rules when acting in the best interests of Tradernet’s system and its community.

5. Information dissemination

5.1 The website administration:

5.1.1 has no obligation to check all the materials posted by users on the website;

5.1.2 shall not be liable for the content of materials posted by users and for any potential negative effects resulting from the usage of such materials;

5.1.3 has the right to delete user’s posts falling short of the accepted policy.

5.2 By posting materials to the website, Tradernet’s users:

5.2.1 confirms having all the rights necessary to post the materials to the public, and agrees to independently settle the claims of third parties challenging the the user having such rights.

5.2.2 is solely responsible for compliance with the applicable laws of the materials posted.

5.2.3 agrees to compensate for any damage caused to TRADERNET as a result of violations by the User of the law or the rights of third parties.

5.2.4 grants the website Administration and its partners a free, permanent, irrevocable, non-exclusive right (non-exclusive license) in the territory of all the countries of the world for the entire period of copyright protection provided by the local legislation in respect of such materials, including the use of these materials, posting them, storing, reproducing, publishing them, displaying, and distributing the listed rights.

5.2.5 at the request of the website Administration, agrees to provide copies of identity documents.