Cyber Criminal claims to have breached PagoFX, Santander international money transfer service. 1.67 GB of documents leaked

A cybersecurity company says it has found a hacker selling internal documentation of Pagofx. Pagofx is backed by Santander and works as its International Money Transfer service. Launched in April 2020 with the mission to give everyone complete confidence when sending money abroad, PagoFX combines the best of FinTech and banking in one easy-to-use, low-cost and reliable app.

This article has been updated since its original publication.

The hacker leaked 1.67 GB of 2292 files including data related to online and mobile app code details as claimed by the hacker. The revelation underscored how vulnerable bank clients using these services are.  In 2020, over 50 banks worldwide have been the target of threat actors.

A lot of threat actors have been selling databases of different banks. These leaks include documents like database structure, database schemes, IT infrastructure diagrams, customer background verification checks, salesforce training material, KYC confidential details related to payment routing and documents from fraud detection.

These documents include processes followed by the different departments of the company. A technical cyber security alert jointly written by four different federal agencies, including the Treasury Department and FBI, said there had been a resurgence in financially-motivated hacking efforts by the North Korean regime this year after a low activity period. Hackers are tapping into banks around the globe to make fraudulent money transfers and cause ATMs to spit out cash, the U.S. government warned in August of 2020.

Much of the data identified by cyber security company experts is publicly available, and almost all of it is the kind that is regularly bought and sold by cyber criminals in dark web businesses. But the fact that 1.67 GB of confidential banking document were found for sale in bulk on the so-called dark web underscores how easily criminals and foreign adversaries can use this information. This information can be used to find zero day vulnerabilities or phish the user of the company as the FBI said North Korea has done recently, by sending phishing emails to bank clients.

“An enormous amount of bank clients’ data is available to cyber criminals and foreign adversaries”, said the cyber security experts who found the material.

“In the wrong hands, this information can be used to steal millions from bank accounts and scam millions via social media, email phishing and text and phone scams, specially during these tough times when people are depending a lot on online and phone banking.”

The documents seem to be from various departments, especially the IT team, so it seems the hacker was able to retrieve these documents via hacking some document ftp server belonging to the company’s provider for sure, he said. Last year Scotiabank also got into a lot of trouble when hackers were able to access the bank’s Github repository and leak the bank’s application code.

Bank Security monitors dark web forums for threat information, and it came across a hacker calling himself Shitshow who was offering the documents for sale. Cyber security experts used fictitious identities to induce the hacker to get more information, including a Bitcoin wallet details for collecting the payment.

Cyber security experts from IICS mention that Bitcoin wallets — virtual storage facilities for the most commonly used cryptocurrency — publicly display transactions but not the identities of those making them. According to the experts if the bank wants they can work along with the government agencies to trace payments to this wallet. The same wallet is surely used in other scams and hacking incidents.

The wide availability of confidential documents and databases is not new, but the idea that such a huge cache is for sale during the pandemic when everybody relies on online and mobile banking shows how easy it would be for malicious actors to cause trouble. Cyber Security experts said that the hacker was asking $100,000 US dollars for the 1.67 GB documents. The hacker has updated the price are is now asking only $4,000 USD in different forums.

The documents and databases on sale by Shitshow would allow malicious actors to target the bank’s international payment platform Pagofx and some of the clients will be affected who are using these services including businesses.

As of now nobody is sure if the hacker claim is authentic or another scam but we tried contacting the bank to confirm the authenticity of the documents leaked and below was the official statment from PagoFX.

“PagoFX is aware of the claims, however, we can assure customers that none of our internal systems have been compromised and no sensitive personal information or payment data has been accessed. Our payments infrastructure remains secure and customers can continue using our services as normal”

In Mexico and other countries of Latin America a lot of Santander bank clients suffered telephonic scams and have lost millions. These people have got along and as of 500 of them have formed a Facebook group to sue the bank and many of these people have claimed that scammers have also the details of clients when the call and it appears to be a real bank’s call center call like the one shown in the video below. We hope that the Pagofx verifies this leak and confirms its authenticity so that clients don’t get scared.