The attackers robbed the owners of cards "Corn"
Credential substitution attacks and vulnerabilities in the application allowed cybercriminals to steal funds from Corn cards.
Since May 2, complaints about the “Corn” cardholders regarding the loss of funds began to appear on the Banki.ru website. According to Kommersant, users have become victims of cybercriminals who used previously leaked credentials (the so-called credential-attack or credential stuffing). According to the source of the publication, the attackers hacked into another service, which stored information of the cardholders "Corn".
According to the victims, they received an unexpected SMS message about connecting the card to Apple Pay, after which the money stored on it was transferred to the Tele2 number. However, they did not receive any notification with a verification code to connect Apple Pay.
According to the victims, the cause of the incidents is not only leakage of credentials, but also the ability to connect Apple Pay services in the Corn mobile application without confirming the operation. Damage from attacks can reach millions of rubles, the source said.
As noted in the company "Svyaznoy / Euroset", 80 people suffered from the actions of intruders. NNCO “Payment Center” assures that neither its systems, nor partners' systems were hacked, and cybercriminals attacked a social service not related to the organization. The name of the service has not yet been disclosed.
The Corn Card is a multifunctional bonus payment card from the Svyaznoy / Euroset company. The card operates in the Mastercard payment system, and its issuer is the Payment Center NRC.