Wednesday, September 19, 2018

ABS-CBN shopping sites hacked; customer payment data compromised





Two of ABS-CBN’s online shopping sites were hacked on Wednesday / Images from Google and Yuga Tech



Manila, Philippines – News and entertainment giant ABS-CBN took down two of its online shopping sites on Wednesday, September 19, after they were reportedly hacked; customer payment data might have been stolen.

The security breach was confirmed a day after Dutch security researcher Willem “gwillem” de Groot wrote about it on his website and Twitter account.


Reportedly, de Groot discovered a payment skimmer that had been running in ABS-CBN’s online store since August 16, 2018. The skimmer allegedly intercepted customers’ payment details as they shopped and sent the data to Russian servers.

“Personal information and credit cards are intercepted while people shop for merchandise for one of the 90+ television shows. The stolen data is sent onwards to a server registered in Irkutsk, Russia. The credit cards and identities are then (presumably) sold on the black market,” de Groot claimed.

He said the incident resembles the earlier hacks of the British Airways and Ticketmaster websites, in which malware was found to have intercepted transactions as customers checked out.

“ABS-CBN is the latest target in a series of high profile skimming operations. Previously, British Airways and Ticketmaster admitted massive credit card theft of their customers. The methodology found at these crime scenes is the same: browser-based interception during the checkout process. This method is quickly gaining popularity because it defeats the security of encrypted connections (https/SSL),” the Dutch security researcher said.

Meanwhile, shares in the broadcast giant fell by 3.13 percent to P20.10 apiece following reports of the hacking incident.

De Groot said he did not get an immediate response from ABS-CBN when he informed the company about the breach on Tuesday.

“Filipinos are recommended to carefully check their credit card statements for unauthorized payments,” he said.

The Lopez-led broadcast giant disclosed to the Philippine Stock Exchange that the personal data of 213 customers of its online shopping platforms, ABS-CBN Store and the UAAP (University Athletic Association of the Philippines) Store, might have been exposed following the breach.

As a result, ABS-CBN was forced to temporarily stop operations of the two online shopping sites on Wednesday morning.

“Personal information and credit card details of our customers may have been exposed,” it said, adding that affected customers had been notified.

“[I]nvestigation is still ongoing,” it added.

It also said that the hacking incident was an “isolated” case that did not affect other ABS-CBN properties, and added that the National Privacy Commission had already been alerted about the incident.

It also advised customers to be vigilant against scammers claiming to be ABS-CBN employees.

ABS-CBN’s online store sells merchandise such as accessories, books, magazines, CDs, and DVDs, as well as novelties related to the company’s shows and programs.