No doubt, digitisation (digital platforms) has immense advantages but we don’t usually mention the risk of unauthorised access that comes with these platforms. Even WhatsApp, which we consider to be very secure, was a victim of hacking last week.
Yesterday afternoon someone reached out to us through our Tips section telling us that Escrow Group’s websites had been hacked. Escrow Group is the company which owns C-Trade, a digital trading platform for shares and other securities, and Finsec, an alternative stock exchange platform mainly targeted at listing SMEs for public trading. Two platforms which I should give props for trying to make the average Zimbabwean access the capital markets.
The person who tipped us even told us the type of attacks that hit C-Trade and Finsec: SQL injection and a denial-of-service attack. It was one hell of a detailed tip because the guy went as far as to tell us that 16 databases were open for anyone to mine data. Here’s the tip.
We checked the different websites and they seemed to work properly. However, working properly doesn’t necessarily mean there was no hack. This morning, though, we noticed that the Finsec website was not easily accessible, especially the homepage.
What Escrow says
So we reached out to Escrow to confirm if the tip was anywhere close to the truth. And Escrow confirmed that there were attempts to hack their system. Upon realising the hacking attempt, Escrow “temporarily blocked access” to their platform for its users.
The good thing is that they managed to identify the source of the attack and then secured their platforms against future hacking attempts. So now both C-Trade and Finsec are working properly but there will be sporadic disruptions as Escrow’s technical team continues to secure the platforms from future attacks. Here’s Escrow’s reply:
There indeed was an attempt to tamper with the Escrow websites on the afternoon of 23 May 2019 and as a precautionary measure we temporarily blocked all access. Once our technical team identified the source and nature of the attempts and were satisfied that there were no serious threats, full web services were restored. We have also alerted our Internet Service Providers who have assured us of the security of all our websites. Intermittent disruption may be experienced on any of the websites as the ISP effects any further security measures but all our services remain available as normal. We would like to assure our valued clients that we are on top of the situation and they should continue going on about their normal business.
Since Escrow says there was an “attempt to tamper” (hack), and no hacking took place, it stands to reason that no database was accessed by the culprit. If you are a Finsec and C-Trade user and you see something unusual in your account, reach out to Escrow so they can look into it.
5 comments
Sounds like the person who gave you the tip was the one who hacked the sites
SQL Injection on a site in 2019 huh. Makes you wonder what their devs are doing.
No attempt to tamper doesn’t mean no database was accessed, it means no data was modified. I also agree with the other comment that the guy who gave the tip-off has the glee one would associate with the culprit who committed the crime. He sounds proud and wants the story to be heard.
CTRADE WEBSITE IS UNRESPONSIVE THIS MORNING
I personally don’t think this guy had a clear motive behind attacking these websites. He might have been celebrating that he has hacked the sites but nowadays you can be redirected to hack the demo site if your traffic behavior is suspicious. C-Trade and associated websites were up all the way and did not seem to have been attacked.