Three banks in Kenya have been hacked by a Rwandan hacker. According to Pastebin.com, the hacked banks are Prime Bank Limited, Development Bank of Kenya Ltd and CfC Stanbic Bank Kenya. The following are the back-end details posted on Pastebin.com:
---------- Prime Bank Limited ----------
Target: http://primebank-kenya.com/
Date: 15/02/2012 18:59:57
DB Detection: MySQL >=5 (Auto Detected)
Method: GET
Type: Integer (Auto Detected)
Data Base: prime_new
Table: update_login
Total Rows: 1
username password
user user123

---------- Development Bank of Kenya Ltd ----------
Target: http://www.devbank.com/
Date: 14/02/2012 18:43:52
DB Detection: MySQL >=5 (Auto Detected)
Method: GET
Type: Integer (Auto Detected)
Data Base: devbank_com
Table: users
Total Rows: 2
username psswd
admin 1bafana$
developmentb development

---------- CfC Stanbic Bank Kenya ----------
Target: http://www.cfcstanbicbank.mobi/
Host IP: 196.35.44.117
Web Server: Apache/2.2.3 (CentOS)
DB Server: MySQL
Current DB: stdbankafrica
Looking at the three websites, I realized one interesting fact about the Prime Bank website. On the website there is a button at the bottom indicating that the site is Safe and Hackers tested. With that, I thought maybe the hacking news might not be true for Prime Bank. So I tried to access the backend using the exposed login details. Oooh, my browser gave me a stun warning:
This Connection is Untrusted
You have asked Firefox to connect securely to altar16.supremepanel16.com:2083, but we can’t confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue.
Yes, I got scared, but I did not stop there. On the login window, I entered the user name and password. That did not go through, but on the same window there is a place to reset the password if you know the user name. I entered the user name and yes, that went through.
Password Reset
Resetting password for password
A confirmation email has been sent to the email address on file. To continue, enter the confirmation code in the email, or click the link in the email.
Very risky... but the reset details are sent to the admin email address. By the way, the Development Bank website was done by Dotsavvy.
The names of the people behind these websites need to be made public so that Kenyans can avoid them.
Of more importance is the admin responsible for keeping data security up to date.
This is a wake up call for Kenyan banks.
Seriously, you posted database details of hacked websites on your blog, as in really?
The information was already public, even if I did not put it up, people would still get it. Unless you think it is bad to put public information on a blog!
Well... a little bit of research and you get them.
There was a big change in Kenya when the fiber cables landed, but companies did not change.
What CMS were these websites running on?
Seriously, now I feel bad for getting this information quite late.
How do you place your password to be user123 and username to be user?
That is why I only use WordPress as my CMS to develop my website and client websites as well.
Developers should learn something from this.