The famous Pakistani hacking group going with the handle of MadLeets has hacked the official blog of the U.S based online transaction company Payza (previously known as AlertPay).
Hackers involved in the attack are MindCracker and H3ll D who announced the hack on their official Twitter handle just few minutes ago.
Payza website blog has been left with a deface page along with a message and a screenshot showing clear-text passwords of registered Payza users.
In an exclusive conversation with MindCracker we were told that he has access to usernames, emails and passwords of the Payza users. He also added that he found a bug in the website which made it easier for him to access the database and the whole website. However, he plans not to leak those details.
Looking at the message it seems the only reason to hack Payza blog was to give the site admin a wake up call on poor security.
Hey Payza Hacked :P Is this what u Call Security ?Don’t Worry I’m not Going to Leak it :D (Hackers talking about the data), according to the message.
A full preview of the deface page uploaded on Payza website is available below:
Link of targeted blog along with its Zone-h mirror as a proof of hack is available below:
MadLeets is a group of Pakistani hacktivists who are known for hacking Google Indonesia,Google Images, Google Plus Malaysia domains, Indian and Pakistani government and military websites in past. To read previous hacks from MadLeets click here.
Formally known as AlertPay, Payza lets user send and receive money from 190+ countries across 21 currencies. The service is mainly based in US and Canada but also supports certain banks and credit/debit cards from their recognized countries.
At the time of publishing this article, Payza blog was hacked with deface page uploaded by hackers and Payza is yet to reply about the hack.
Payza has replied to us in a Tweet claiming that Payza’s blog is separate from the Payza platform, no sensitive info is compromised.
MindCracker hacker has also replied to Payza with a screenshot showing username and email claiming that it belongs to a registered Payza user.