MTN Uganda Clarifies Recent Mobile Money Hacking Attempts
MTN Uganda has today issued a clarification on the recent hacking attempts that were aimed at stealing both telco and customer funds through cross-platform transactions.
Reportedly, Pegasus Technologies, a third-party payments aggregator, experienced a security breach through a backdoor that a group of black hat hackers used to disguise mobile to bank and telco to telco (MTN-Airtel, Airtel-MTN) transactions.
According to MTN Uganda, the hack targeted Bank to Wallet transfers and fortunately did not affect any customer balances, either at the bank or on mobile money accounts.
Since 3rd October 2020, when the attack was detected, MTN has suspended all services aggregated by the provider as a security precaution to safeguard customer accounts and prevent any potential violations that could lead to multiple attacks.
At the core, common MTN Mobile Money services, including cash deposits, withdrawals, Person to Person (P2P) and payment transactions, were neither affected nor compromised during the attacks, since they are served by MTN as the core provider and not through any third-party aggregator.
However, from the time of the attack, security operatives led by the Uganda Police Force (UPF) started investigations to identify potential backdoors that could have resulted from a failed system function and to identify potential attackers in the incident.
As per telco standards, MTN’s mobile money platform complies with international industry IT security standards, and so it is subjected to periodic assessments, reviews and penetration tests by approved internal and external providers.
So the potential security backdoor was exploited at Pegasus Technologies, an authorized aggregator, for the attackers to feed on rogue transactions disguised as Mobile to Bank transfers.
Notably, Pegasus is the authorized provider for Stanbic Bank’s Flexi Pay service, accessible via *290#, which allows customers to transfer money and pay for goods and services using Mobile Money. Since the attack, all service ports have been blocked and the main *290# portal shut down.
MTN has further put in place strategic measures to sniff out what may have gone wrong on the aggregator side by blocking specific mobile money functions. As confirmed by the telco’s CEO, Wim Vanhelleputte, its mobile money wing continues to be safe at the core, with convenience provided to all customers.
“We apologize to all our customers for any inconveniences and reassure the public that MTN Mobile money services are safe, convenient, and transparent.”
Wim Vanhelleputte – CEO, MTN Uganda