4XP Website Hacked [Customers Financial Information Is On Risk]

Aug 06, 2012 at 16:30
968 Zobrazení
7 Replies
Abhishek
forex_trader_85828
Členom od Jul 27, 2012   12 príspevkov
Aug 06, 2012 at 16:30
Hi Everyone,

Just now i was reading an interesting article and thought of sharing with fellow members of myfxbook. This article explains that one of the 4XP web site has got some serious loopholes which can be exploited by any hacker to steal any information about the company from their database. The one thing which deserves attention is the article presents some informative facts from the database to prove the claim of the loophole. From the screenshots attached we can see some confidential information from the database, even though the author of the article made hidden few portion of the screenshot which believes to be 4XP customer's personal identification including mobile no, credit card details etc.

The biggest surprise & funniest part which i came across about this broker, i was browsing a private forum where i first saw the discussion about this broker & from their only i came to know about this article. One member in that forum was claiming that:

'He is the customer of 4Xp & tried contacting their account manager about this hack issue. His account manager simply replied him that they have got confirmation from their IT Security Team that this is not true because the 4XP is a big company has got many officies & a big company's website can't be hacked. Those screenshots doesn't make any sense and is false. The website displaying the article is a setup by another forex broker who is jealous of 4Xp compoany. So, he should not be worried about this issue.'

Isn't it funny? 4XP company doesn't seems to be bothered about the security of their client's information & they are taking it litely and ignoring the worst which may knock their door at any time.

Now here comes my questions for 4XP:

1. Does it make any link between the size of the company & their web security. If they believes they have got 4-5 offices & are so big that their website can't have any security issue then they should learn something from the recent 'SONY PLAYSTATION NETWORK HACK' where 24.6 million user account information were stolen. Do 4XP think they have got the big customer base then Sony?

2. I had a close look of the screenshots posted by the author of the article and didn't see any suspcious thing in that. The screenshot clearly shows some crucial insider information from the database. Which itself confirms there must be some security loophole in their website otherwise how is it possible to capture the database information. If they think this is false, then i request can you please give me some insider database information from Google? 😁

3. The article says the 4XP company is tring to fix this issue since 12-Jul-2012 and as on 04-Aug-2012 the loophole is still active. I have got only one thing to ask: Does their IT security team consist of some school childrens or they don't bother to fix this issue or might be there's another big scam yet to come?

My suggestion to 4XP: grow up guys, this is not a childplay. You are dealing with customer's real financial information and you must show some respect to protect the privacy of your customers. If you fails to do so then you doesn't deserve even 1% vote to be a
good broker.

Guys, what's your opinion on this? Do you think this broker deserves to be a Top Broker as claimed by many independent review siets?



Article Source:
https://www.zsecure.net/blog/vulnerabilities/4xp-sql-injection-vulnerability.html
Abhishek
forex_trader_85828
Členom od Jul 27, 2012   12 príspevkov
Aug 06, 2012 at 16:32 (upravené Aug 06, 2012 at 16:37)
I forgot to attach the screenshots which i have taken from the source article. The screenshot itself reveals few of their customers and manager's email id's & password. Have a look.

I digg into some hacking forum where this article was shared to try to know about the geniunity about this loophole because hackers can tell us in a clear way whether the screenshots information could be real or not and i came to know from few discussions that the author of the article used a tool name 'Pangolin' to get inside the database and captured these screenshots.

Spread the truth and avoid yourself to be a part of another forex broker scam.

Image Credit [zsecure]
Abhishek
forex_trader_85828
Členom od Jul 27, 2012   12 príspevkov
Aug 06, 2012 at 17:19 (upravené Aug 06, 2012 at 17:23)
Funniest party which i recently came across in one of the forum site. One of the 4XP senior manager named 'Jayden Hamilton' try to persuade others that their site is not hacked by saying the information reached by hacker is uselss content and does not include any of your personal information. [See the screenshot of his reply]

In his response itself he confirmed that their database is breached because he itself found saying 'the information reached by hacker is uselss contest .....' this proves the first point 'Their Database Was Hacked'.

Since they are saying the information reached by hacker is useless content and doesn not include any personal information but the screenshots clearly displaying the confidential information i.e. credit card transaction details, customers username & password, residential address, mobile/fax numbers etc.

As per them, if these are not personal information then i would like to ask them 'according to them what constitute a personal information'?
Členom od Aug 06, 2012   10 príspevkov
Aug 06, 2012 at 17:50
Even if they got hacked they should announce it to avoid panicking for their clients
And they try to fox what happen
Abhishek
forex_trader_85828
Členom od Jul 27, 2012   12 príspevkov
Aug 06, 2012 at 18:00 (upravené Aug 06, 2012 at 18:02)

dave90 posted:
Even if they got hacked they should announce it to avoid panicking for their clients
And they try to fox what happen

Agree. This is what i call professionalism. Even when the biggies like Google, Yahoo, Microsoft etc can be hacked then this small incidence is nothing. The point that makes a difference is, A geniune company accept their faults & try to rectify it but scam company like 4XP trying to cover their face & misleading their customers by replying they can't be hacked & all nonsense which could create disaster for them in future.

Do anyone think in today's digital world any system is 100% secure or any company can claim they are 100% hack proof? If anyone is saying, then they must be kidding 😇
Členom od Aug 06, 2012   10 príspevkov
Aug 06, 2012 at 19:11
Now we are on same track but forex firms not like google they afraid from clients to run away
Abhishek
forex_trader_85828
Členom od Jul 27, 2012   12 príspevkov
Aug 06, 2012 at 19:14

dave90 posted:
Now we are on same track but forex firms not like google they afraid from clients to run away

True, they can lie provided they take immediate action to avoid any further possible attacks. But in this case, their loophole is still open (as claimed by the author of the article). This is just a perfect example of complete negligence by the said broker 😄
Členom od Feb 27, 2012   4 príspevkov
Aug 24, 2012 at 13:10
I have account in 4xp more 4 year, never have problems..
You must be connected to Myfxbook in order to leave a comment
*Komerčné použitie a spam nebudú tolerované a môžu viesť k zrušeniu účtu.
Tip: Uverejnením adresy URL obrázku /služby YouTube sa automaticky vloží do vášho príspevku!
Tip: Zadajte znak @, aby ste automaticky vyplnili meno používateľa, ktorý sa zúčastňuje tejto diskusie.