14 DAY TRIAL // The Eastern European hacker known as Sepo found that the Victoria Commercial Bank of Kenya's website (victoriabank.co.ke ) and the ones of SwedBank from Lithuania (swedbank.lt ) and Ukraine contained some vulnerabilities that might have allowed cybercriminals to gain access to customer information.
After being notified by the grey hat, the institutions have started patching up the holes.
“First of all to show that banking system is insecure, I wanna show everyone how CEO's spending millions for security and how easy is to hack a big company DataBase,” Sepo told Softpedia.
“We can think that our data (emails, passwords, bank accounts) are in safe, but it's not true. I wanna show how sensitive can be our personal data even if it is a bank website,” he explained.
When he found the security holes, Sepo didn’t cause any damage to the sites and he didn’t leak any sensitive data. He just wanted to raise awareness to show people that their data is not safe even if financial institutions claim that they have highly secure websites.
To demonstrate his findings, the hacker published only server information and a small sample from the databases of the websites, his main purpose being to force administrators to patch up the flaws and ensure the safety of their customers.
“SwedBank clients from Ukrain & Lithuania need to know that their data could be stolen by any black hat...,” he said.
Now, one month after being contacted and after the hacker made everything public, the banks’ websmasters have started fixing the issues that exposed their websites to cybercriminal operations.
“Lithuania webmasters were first to fix it... I think the Ukrainian are too,” Sepo said.
This story is meant to demonstrate, once again, that website owners can collaborate with hackers on addressing issues, if they really want to.