Yesterday we received an email from a member of Shad0wSec claiming to have hacked a payment gateway known as ShegerPay. We asked them a few questions following the hack:
Who are you guys?
I’m Gh0s7 (https://twitter.com/Sc0rp10nGh0s7) from team Shadow Security (Shad0wSec) https://twitter.com/Shad0wS3C
What was the name of the secure gateway that you hacked?.
Their name is ShegerPay Gateway
After exploiting the gateway, what sensitive information did you find?
Information we found include users credential, Api’s, Source code of the gateway and other transaction and personal info.
Where have you uploaded the files?
Uploaded to mega.nz
Have you any proof of this?
What was your motivations towards the hack?
Our motives are to show that for a company that brags about their tight security its actually lame.
Are there any other points you wish to highlight?
Other points i want to highlight include, companies at this time are so focused in the product they are delivering they forgot to insure its security leaving personal information for whom ever that finds it and that’s wrong and let this be a lesson to the others.