×
  • Business - Companies
  • Updated: May 13, 2023

Reasons Why Your Bank Account Is Not Safe

Reasons Why Your Bank Account Is Not Safe

As the number of bank customers keeps increasing, those of fraudsters/ hackers on the hunt for people's account details are also on the rise.

Unfortunately, the more customers try to protect their information, with passwords, the more hackers dig deep and find means to hack bank accounts.

Most times, they succeed due to how vulnerable banks are as a result of the poor security system of financial institutions.

Below are five reasons why your bank account is not safe, according to a post penned by Sennaike David, an Information Security expert and bug bounty hacker.

1. About 70 per cent of banks run vulnerable versions of Cisco VPN and Forti IOS (Cisco VPN is a platform that lets you control everything from servers to containers, apps and infrastructure from a single platform).

These vulnerable versions allow you to read the session details of the VPN users and the content of VPN servers.

Many banks have their users connect from the outside into the bank using these VPNs to perform tasks.

2.  Some banks expose log files such as Elmah log file (Log files are a historical record of everything and anything that happens within a system, including events such as transactions, errors and intrusions).

Some financial institutions even provide access to a drive containing logs to hackers.

3. Over 30 banks run a vulnerable web-logic server that gives access to their servers.

The Web-logic Server versions are from 12.2.1.1.0 to 12.2.1.4.0.

These exploits to these servers are readily available and accessible, and easily exploitable.

4. About four banks in Nigeria run custom “Moneytor” servers that expose Jolokia interfaces (Moneytor is a software-as-a-service which provides aid for debt management to both the lender as well as the borrower) and a quick search for Jolokia exploits shows you can access these servers within a few minutes.

5. There are several usernames and passwords of bank servers that are being leaked to everyone.

For instance, search for 'leaks' on GitHub and see the number of valid passwords and usernames of bank servers and staff being leaked to everyone.

At least 99% of banks have a valid leaked password on GitHub, which makes it easy to get details of banks on GitHub.

When you type: “mybankwebsite.com," you will be amazed at the number of interesting passwords belonging to banks that would pop up.

Related Topics

Join our Telegram platform to get news update Join Now

0 Comment(s)

See this post in...

Notice

We have selected third parties to use cookies for technical purposes as specified in the Cookie Policy. Use the “Accept All” button to consent or “Customize” button to set your cookie tracking settings