'Filipinos are recommended to carefully check their credit card statements for unauthorized payments,' says Dutch security researcher Willem De Groot, who discovered the alleged breach

Published 1:22 PM, September 19, 2018

MANILA, Philippines – The ABS-CBN online store (store.abs-cbn.com) has been hacked, according to a report by Dutch security researcher Willem "gwillem" De Groot.

As of writing, store.abs-cbn.com is down.

De Groot, in a post on his website dated Tuesday, September 18, said that a payment skimmer is running on the website, which steals personal and financial information including credit card details. The stolen data is then forwarded to a server in Russia, specifically in the city of Irkutsk located in eastern Siberia. De Groot says that "the credit cards and identities are then (presumably) sold on the black market."

"Personal information and credit cards are intercepted while people shop for [merchandise] for one of the 90+ television shows," De Groot says.

The skimming method makes use of malware hidden in the website's JavaScript file, the code underpinning the site. De Groot estimates that the code has been on the website since August 16, based on the fact that the code has not been changed in 4 weeks. This suggests that any transaction conducted on the website since that date may have been affected by the security breach. The researcher says that the malware intercepts the data during the checkout process; he does not state that the malware can scrape data from older transactions or from the site archive.

One crucial detail that may have contributed to the success of the reported intrusion is that store.abs-cbn.com had been running on Hypertext Transfer Protocol (http) and not the more secure Hypertext Transfer Protocol Secure (https). Communications between a user's browser and a website running on https are encrypted; http communications are not. (READ: The difference between HTTP and HTTPS websites)

However, De Groot notes that the methodology used in the incident, which is similar to the recent Ticketmaster and British Airways breaches, can beat encrypted connections: "The methodology found at these crime scenes is the same: browser-based interception during the checkout process. This method is quickly gaining popularity because it defeats the security of encrypted connections (https/SSL)."
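Because this kind of skimming works by changing the JavaScript a store serves, an encrypted connection delivers the altered file just as faithfully as the original. One defensive check is to compare each served script against a baseline recorded at deploy time. The Node.js code below is an added example, not taken from De Groot's report or from the store; the file name, hosts and sample scripts are constructed for illustration.

```javascript
// Added example: detect changes to a first-party script and unexpected hosts in it.
const crypto = require('crypto');

// Subresource Integrity value for a script body: "sha384-" + base64 digest.
function sriHash(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Hostnames that appear in absolute URLs inside the script text, sorted.
function referencedHosts(body) {
  const hosts = new Set();
  for (const m of body.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return [...hosts].sort();
}

// Compare a served script with the deploy-time baseline and a host allowlist.
function auditScript(name, body, baseline, allowedHosts) {
  const findings = [];
  const expected = baseline[name];
  if (!expected) findings.push('no baseline recorded');
  else if (sriHash(body) !== expected) findings.push('content differs from baseline');
  for (const host of referencedHosts(body)) {
    if (!allowedHosts.includes(host)) findings.push('unexpected host: ' + host);
  }
  return findings;
}

// Constructed sample data (hypothetical file name and hosts).
const DEPLOYED = 'function pay(f){return fetch("https://shop.example/api/pay",{method:"POST",body:f});}';
const SERVED = DEPLOYED + '\nvar extra="https://stats.example.net/c.js";';
const BASELINE = { 'checkout.js': sriHash(DEPLOYED) };
const ALLOWED_HOSTS = ['shop.example'];

// Audit both the untouched and the altered copy of the same file.
function runAudit() {
  return {
    clean: auditScript('checkout.js', DEPLOYED, BASELINE, ALLOWED_HOSTS),
    altered: auditScript('checkout.js', SERVED, BASELINE, ALLOWED_HOSTS),
  };
}

console.log(JSON.stringify(runAudit(), null, 2));
```

The same `sha384-` value can be placed in a script tag's `integrity` attribute so that browsers refuse a file that no longer matches it.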

"Filipinos are recommended to carefully check their credit card statements for unauthorized payments," advises the researcher. – Rappler.com