The Managing Director of East African Data Handlers (EADH) George Njoroge has intimated that a big firm dealing in digital mobile money transactions has been hacked. He stated the screaming information through a thread of around 4 tweets.
“BREAKING; A Mobile Money company has been Hacked. Sacco’s and Microfinance banks B2C API hit, millions lost! Most mobile money corporates have funded their company’s B2C accounts to the tune of over 100 million, to facilitate mobile money settlements. That makes them at big risk to loosing millions without them realizing they are loosing money. For any Sacco’s and MFI’s urgently monitor high volume transfers to mobile wallets. Get the Telcos to whitelist your IP’s. At worst Down the entire B2C: Business to Customers account, the account that’s debited to transfer the money to the customers wallet!”, he tweeted at 3:35 pm Monday.
Though the EADH boss didn’t state the name of the firm, Kenyanbulletin.com has finally established that the firm in question is Unaitas Sacco.
It is not the first time. It even seems a routine now.
In 2018, Standard Media reported that Unaitas fast rise tkt Bank statist was being eaten inside by fraud.
At the time of that article in December 2018, the Sacco has already been hacked twice, where it is believed to have lsot millions of shillings.
The standard reported that, after detectives went through 682 gigabytes (GB) of data mined from the servers in Murang’a, they noted that the fraudulent activities had been made to appear as having been initiated by users who last genuinely updated their accounts, however a close scrutiny revealed that some of the users had long left the organisation.
“It is noted that the attacker manipulated the date and time spreading the attack period to six years, that is 2012 to 2017 purposely to misdirect investigations,” the report read in part.
The 2020 attack could have been avoided if the Sacco’s management learnt from the two attacks previously in 2017 and November 2018.
It was reported that the attackers who were believed to be operating from outside the country, were able to navigate through flagged accounts, unflag and transfer funds, it adds. There were also a number of logs generated from mobile transaction and deleted successfully.
The management were stunned, not knowing what to do.
Most of these attacks have put a roadblock between the Sacco and its dream to become a commercial bank.