CCAvenue Gateway Hacked

[Thor]

Krishnandu , thanks for bringing this to our notice.

This is such a setback now. Just when people of India were getting in the thick of things when it comes to the online shopping , transactions etc , CCAvenue , one of the most used and trusted Payment Gateway craps on our confidence . This is just horrible. Most of the time I have used HDFC Netsafe card which is good for only 1 transaction , looks like thats the way to go from now onwards.

This incident has now made me wonder, how secure really is Online shopping / marketing in Indian sites . If a payment gateways site can be hacked ( because of their earth shattering stupidity, negligence, etc etc ) , can the shopping portals be trusted ?

 

[Garbage]

Updated: CCAvenue CEO Vishwas Patel Denies Authenticity Of Hacking Report; Claims Mischief - MediaNama

 

[furious_gamer]

^^ looks conflicting. They claim they updated their server 5 months back but reports saying that its done very recently. Shame on CCAvenue

 

[asingh]

Payment Gateway CCAvenue Hacked [Updated/Open Questions]

 

[krishnandu.sarkar]

Krishnandu , thanks for bringing this to our notice.

Welcome, But I didn't find this, I got the news from other forum and thought of sharing here too.

 

[dreatica]

So what are these store passwords ? I never made any userid to use ccavenue ? Is this employee's database ?

*www.hackerregiment.com/wp-content/uploads/2011/05/ccavenue_passwords.jpg

and the ccavenue peoples are lying that they updated the apache 5 months back. They have updated yesterday :

Netcraft What's That Site Running Results

 

[krishnandu.sarkar]

Yes, they are the admin passwords. Not of users.

I guess their N/W admins are too noob to know that these things can be find out easily

 

[dreatica]

Check this out :

Updated: CCAvenue CEO Vishwas Patel Denies Authenticity Of Hacking Report; Claims Mischief - MediaNama

The credit card numbers are not stored anywhere in our database, as per PCI norms. Only the first six and last 4 card numbers of the last 15 days are stored. And those are also BSI encrypted, for which there is a key, and to open that there is a master key, and those keys are not stored online anywhere. It is there with our head of security, who is the only person with access to it. The encryption has been in place on our servers for the last four years.

I made the last payment from ccavenue to digit on 18th, If the last 15 days is true, my A@@ is saved coz I just bump it for 16 day as the database was hacked on 4th may.

 

[sygeek]

CCAvenue hacked by SQL Injection...I mean WTF? Never realised CCAvenue would be this insecure, and to add to the stupidity, all the database of admin's login information was stored in plain text

 

[doomgiver]

lol, even script kiddies can do a sql inject.

are these the people to whom we trust our money?

 

[anubisX]

I'm worried now What kinda security CCAvenue uses ? Stupid !!

 

[newway01]

Damn..Is there some problem we should be worried about? I am using ccavenue every now and then..Last time used was a day before for online purchase

 

[Vyom]

I dont think, there is a problem to be worried about, if you don't use your card to shop, and rather use online banking.
But it only holds true, if their (CCAvenue's) words are to be believed.

 

[KDroid]

What happened to the security they used to boast off?

 

[furious_gamer]

^^ lol. Don't even say that. They are attacked by SQL injection.

 

[KDroid]

Yeah I know that! It was a kind of sarcastic comment!

 

[PraKs]

Damn..Is there some problem we should be worried about? I am using ccavenue every now and then..Last time used was a day before for online purchase

Check the data which is leaked, You may find your user ID & password there

 

[sygeek]

^ lmao

 

[gagan007]

even now for pre-order of anniversary issue Digit is using CCAvenue gateway!

 

[Vyom]

I think we should talk directly to the editor about this:
*www.thinkdigit.com/forum/feedback/123086-editors-desk-13.html