Aug 27, 2024, 05:32 AM
A newly discovered exploit in a widely-used payment gateway API has gone undetected for over a year, allowing attackers to siphon funds from millions of transactions without raising any alarms. This payment gateway is integrated into thousands of e-commerce platforms globally, making this exploit potentially one of the most significant in recent history.
Exploit Breakdown:
Vulnerability Details: The exploit takes advantage of a flaw in the API’s tokenization process, where transaction tokens can be reused multiple times without triggering security flags. Attackers can manipulate transaction data to reroute payments to alternate accounts while leaving the original transaction records intact.
Scale of Impact: While the full extent of the impact is still under investigation, initial reports suggest that millions of dollars may have been redirected from legitimate merchants to fraudulent accounts over the past year.
Difficulty of Detection: The exploit is particularly insidious because it leaves no obvious traces in transaction logs, making it difficult for merchants and security teams to detect without specialized analysis tools.
Exploit Breakdown:
Vulnerability Details: The exploit takes advantage of a flaw in the API’s tokenization process, where transaction tokens can be reused multiple times without triggering security flags. Attackers can manipulate transaction data to reroute payments to alternate accounts while leaving the original transaction records intact.
Scale of Impact: While the full extent of the impact is still under investigation, initial reports suggest that millions of dollars may have been redirected from legitimate merchants to fraudulent accounts over the past year.
Difficulty of Detection: The exploit is particularly insidious because it leaves no obvious traces in transaction logs, making it difficult for merchants and security teams to detect without specialized analysis tools.
