Kagoya, a famous hosting service provider in Japan has suffered a security breach in which personal and financial data of its customers has been stolen.
In an email to their customers, Kagoya stated that the hack attack was discovered this month after an in-house screening which revealed that customers who used their credit cards between April 1, 2015, to September 21, 2016, are among the impacted ones.
Also Read: Japan may replace currency with fingerprints
The total number of customers who had their personal information stolen are 48,685 whilst 20,809 customers are those had their credit card data stolen.
The data stolen by hackers includes Name (card holder name), Address, Phone number, E-mail address, Contract Account Name, Password, Credit card number and Expiration date. What worse is that a user on another Webhosting forum is claiming that all leaked data was in plain-text format.
The email further revealed that unknown hackers were able to exploit a vulnerability and conduct an OS command injection attack. A command injection attack takes place via a web interface in order to execute OS commands on a web server. The attacker supplies operating system commands through a web interface in order to execute OS commands. Any web interface that is not properly sanitized is subject to this exploit – In Kagoya’s case, the attackers were able to access its database and steal thousands of accounts.
Kagoya has reported the incident to local police and also urging its customers to keep an eye on their credit card transactions and inform the bank in case of any suspicious activity.
According to Alexa, Kagoya’s is among top 4,000 sites in Japan hinting at their big customer base. At the time of publishing this article, Kagoya’s website was offline.
This is not the first time in Japan when hackers successfully stole credit card data of users. In May 2016, hackers were able to steal 1.44 billion Yen ($13 million) from 1,400 ATMs in just 2½ hours from all over the country.
In June 2016, Japan Pension Service suffered a massive security breach in which 1.25million people were affected.