Seems like there’s a major hacking scandal everyday. A widely used web payment portal used to pay for local government services, like utilities and permits, has been targeted by hackers. Hackers have broken into self-hosted Click2Gov servers operated by local governments across the US, likely using a vulnerability in the portal’s web server that allowed the attacker to upload malware to retrieve payment card data over a period of weeks or maybe even months.
Security firm FireEye said that credit card numbers, expiration dates, and verification numbers, along with names and addresses were stolen by the malware.
The new report is not really news, besides providing more insight into the methods used to achieve the hacking. There have been numerous media reports in the past year that Click2Gov portals have been getting hacked constantly.