Checkout.com hacked, refuses ransom payment, donates to security labs

Original link: https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion

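Checkout.com recently faced a criminal extortion attempt by the "ShinyHunters" group, which claimed to have stolen data and demanded a ransom. The investigation found unauthorized access to a legacy cloud file storage system used before 2020, potentially affecting less than 25% of current merchants. Importantly, **the payment processing systems were not affected, and no merchant funds or card numbers were exposed.** Checkout.com takes full responsibility for failing to decommission the legacy system properly. Instead of paying the ransom, Checkout.com is **donating an amount equal to the ransom to Carnegie Mellon University and the University of Oxford** to fund important cybercrime research. They are actively identifying and contacting affected merchants, cooperating with law enforcement, and reaffirming their commitment to security, transparency and trust. Merchants with questions should contact their regular Checkout.com representative.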

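Checkout.com was recently hacked and notably refused to pay the ransom. They announced a donation equal to the ransom amount to the cybersecurity centers at Carnegie Mellon University and the University of Oxford to support cybercrime research. The incident prompted a discussion on Hacker News, where many praised the company for apologizing directly and taking responsibility, which is rare in responses to data breaches. Others, however, were skeptical, criticizing the apology as insincere and pointing to the lack of detail about the root cause (a legacy third-party system) and about preventive measures. Some commenters saw the donation as a PR move aimed at a potential tax deduction rather than a genuine commitment to security. While acknowledging that this response is better than that of many companies, users stressed the need for concrete action, such as investing in improved security measures, to rebuild trust.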
Original text

Tl;dr: Last week, we were targeted by a criminal extortion attempt. The attackers gained access to a legacy, third-party cloud file storage system. 

Our live payment processing platform was not impacted. No merchant funds or card numbers were accessed. 

We are donating the ransom amount to fund cybercrime research.

Last week, Checkout.com was contacted by a criminal group known as “ShinyHunters”, who claimed to have obtained data connected to Checkout.com and demanded a ransom.

Upon investigation, we determined that this data was obtained by gaining unauthorized access to a legacy third-party cloud file storage system, used in 2020 and prior years. We estimate that this would affect less than 25% of our current merchant base. The system was used for internal operational documents and merchant onboarding materials at that time.

This incident has not impacted our payment processing platform. The threat actors do not have, and never had, access to merchant funds or card numbers.

The episode occurred when threat actors gained access to this third party legacy system which was not decommissioned properly. This was our mistake, and we take full responsibility.

We are sorry. We regret that this incident has caused worry for our partners and people. We have begun the process to identify and contact those impacted and are working closely with law enforcement and the relevant regulators. We are fully committed to maintaining your trust.  

We will not be extorted by criminals. We will not pay this ransom. 

Instead, we are turning this attack into an investment in security for our entire industry. We will be donating the ransom amount to Carnegie Mellon University and the University of Oxford Cyber Security Center (OXCIS) to support their research in the fight against cybercrime.

Security, transparency and trust are the foundation of our industry. We will own our mistakes, protect our merchants, and invest in the fight against the criminal actors who threaten our digital economy. 

We are here to assist our merchants in whatever way we can. As always, we are available through your regular Checkout point of contact for any further assistance or questions you may have.

Mariano Albera, Chief Technology Officer, Checkout.com