Sri Lankan payment gateway PayHere suffered from a cyberattack

May 2, 2022

A Sri Lankan payment gateway service provider, PayHere, suffered a data breach that was reported on April 2, 2022. According to researchers, the attack forced PayHere's website offline after the unidentified threat actors threatened to leak the firm's stolen data and source code.

The threat actors claimed that the payment gateway was not compliant with the Payment Card Industry Data Security Standard (PCI DSS) and that the firm had lied about its security.

On the day of the cyberattack, PayHere acknowledged the incident in Twitter and Facebook posts and assured customers that its security team had already begun an investigation. The firm also stressed that clients' financial data had not been compromised.


On May 1, 2022, the payment gateway clarified that clients' credit card details had not been compromised, but that several other parts of its systems had been affected by the attack.


PayHere published a detailed statement in a blog post to inform its clients about the cyberattack.

In the statement, the firm explained that unknown attackers had replaced its website's landing pages with a message telling visitors the site had been 'hacked.' It also said that the threat actors' claim that it was non-compliant with PCI DSS was false and had been spread only to provoke a negative reaction among clients.

While maintaining that, contrary to the threat actors' claims, the attack had not compromised merchants' credit card data, the payment gateway disclosed that its SMS gateway had been hijacked to send a 'PayHere is hacked' text message to all merchants.

The firm reiterated in its post that no financial damage had occurred, but acknowledged that its reputation as a payment gateway service provider had been affected.

Besides the SMS gateway, the firm said the attackers had gained access to its servers and were suspected of attempting to plant malware. Because its security teams had not yet determined the root cause of the attack, PayHere temporarily put the onboarding of new merchants on hold while the investigation continued.

The firm also took immediate measures, changing its third-party payment integrations and payment credentials to prevent similar incidents. It advised merchants to reset their passwords on the Merchant Portal as an additional precaution.

The investigation further revealed that the threat actors had planted a webhook that alerted them whenever a user logged in after the attack. This compromised the passwords of some of the firm's merchants, who were informed accordingly and told to choose new passwords that are strong and not reused anywhere else on the internet.
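An attacker-planted callback of the kind described above is easy to miss if nobody audits which outbound webhooks a platform has registered. The script below is an added example (not PayHere's code, and not based on its infrastructure) of such an audit: it walks a constructed export of webhook registrations and flags any that call back to a host outside an assumed allowlist, use plaintext HTTP, target a bare IP address, or are wired to a login or password-reset event. The field names, allowlist and sample rows are all assumptions made for illustration.

```python
"""Audit outbound webhook registrations for attacker-planted callbacks.

Added example, not PayHere's code. Assumes a hypothetical export of
webhook registrations as a list of dicts; field names, allowlist and
sample rows are constructed for illustration.
"""
from urllib.parse import urlparse

# Hosts the platform legitimately calls back to (assumed allowlist).
ALLOWED_HOSTS = {"hooks.example-merchant.com", "notify.example-internal.net"}

# Events that should never be wired to an external URL: a callback on them
# tells an outsider who is logging in, and a crafted payload can carry more.
SENSITIVE_EVENTS = {"user.login", "user.password_reset", "merchant.login"}

# Constructed sample export of webhook registrations (not real data).
SAMPLE_WEBHOOKS = [
    {"id": 1, "event": "payment.completed",
     "url": "https://hooks.example-merchant.com/pay", "created_by": "admin"},
    {"id": 2, "event": "user.login",
     "url": "https://203.0.113.7/c", "created_by": "svc-deploy"},
    {"id": 3, "event": "payment.failed",
     "url": "http://notify.example-internal.net/fail", "created_by": "admin"},
]


def _is_ipv4_literal(host):
    """True when the host part is a dotted-quad IP rather than a name."""
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def audit_webhook(hook, allowed_hosts=ALLOWED_HOSTS):
    """Return the list of findings for one registration (empty means clean)."""
    findings = []
    parsed = urlparse(hook["url"])
    host = parsed.hostname or ""
    if host not in allowed_hosts:
        findings.append("unknown_host")
    if parsed.scheme != "https":
        findings.append("plaintext_transport")
    if hook["event"] in SENSITIVE_EVENTS:
        findings.append("sensitive_event")
    # A bare IP as the callback target is typical of ad-hoc attacker infrastructure.
    if host and _is_ipv4_literal(host):
        findings.append("ip_literal_target")
    return findings


def audit_all(hooks, allowed_hosts=ALLOWED_HOSTS):
    """Map webhook id -> findings for every registration with at least one finding."""
    report = {}
    for hook in hooks:
        findings = audit_webhook(hook, allowed_hosts)
        if findings:
            report[hook["id"]] = findings
    return report


if __name__ == "__main__":
    for hook_id, findings in audit_all(SAMPLE_WEBHOOKS).items():
        print(f"webhook {hook_id}: {', '.join(findings)}")
```

Run against a real export, the interesting output is any registration that combines an unknown host with a sensitive event; in the constructed sample that is webhook 2, which is exactly the shape of a login-notification callback planted by an intruder. The allowlist should come from change-controlled configuration, not from the same database the attacker may have written to.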

To prevent future attacks, the firm said it had shut down the compromised server and moved to an entirely new, distributed infrastructure. It also applied tighter security rules, including strict firewall policies, geographic restrictions, and rate limiting, to block similar external intrusion attempts.

Working with cybersecurity teams also helped PayHere assess the incident and implement appropriate security controls. The company apologised to all affected clients and took full responsibility for the impact of the breach.
