A Sodexo notificou uma série de clientes que foi vítima de um ataque direcionado à sua plataforma de cupões de cinema, a Filmology, e está a solicitar aos seus utilizadores que cancelem os seus cartões de crédito.
O serviço atacado, tem o objetivo de recompensar os funcionários do Reino Unido com descontos nos bilhetes de cinem. Em resposta ao incidente, o serviço esteve em baixo de forma a “eliminar qualquer risco potencial” para os consumidores e para proteger os seus dados.
A Sodexo Filmology informou o incidente ao Gabinete do Comissário da Informação e contratou uma equipa de investigação forense especializada para analisar o incidente.
“We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” reads the data breach notification issued by Sodexo Filmology.
“These incidents have been caused by a targeted attack on the system we use to host our Cinema Benefits platform, despite having put in place a number of preventative measures with CREST-approved security specialists.”
“We sincerely apologise for any inconvenience this has caused you and are doing all that we can to provide access to your benefits via alternative means. We will share more information on this with you, or your provider, in the coming days.”
Ao fazer uma analise online, podemos verificar que o ataque está a ocorrer há vários meses. Diversos funcionários descreveramn algumas atividades fraudulentas no fórum do Money Saving Expert no mês de fevereiro.
“After speaking to Filmology to ask exactly what had happened, I was informed that my bank details were stolen from the payment page and that the incident has been reported to the ICO. The hack on the payment page was carried out over 2 months and involved many accounts.” wrote the user Chris.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.