The first question you are probably going to ask is how Nigerian banking infrastructure can be this vulnerable while CEOs get paid millions of dollars. Could this be carelessness, or is someone simply being paid to do nothing? This probably explains why millions of naira go missing from customers’ accounts without a trace.
Today, cyber-security expert Sennaike David exposed how vulnerable Nigeria’s banking system is to hackers, with about 90% of banks in Nigeria falling victim to this. 43 banks are critically affected, including their customers.
If you bank with any of the banks listed here, your funds are not safe.
Around January, I came across a post on the dark web stating they were selling the private data of a Nigerian fintech, access to servers, username and password and API keys, and private customer data.
The ones that actually got my attention are below:
About 70 percent of banks ran vulnerable versions of Cisco VPN and Forti IOS. These vulnerable versions allow you to read the session details of the VPN users and the content of VPN servers. Many banks have their users connect from the outside into the bank using these VPNs to perform tasks. Access was gotten for some, while I decided not to exploit everyone because the sheer number of banks running these vulnerable VPNs was overwhelming.
…Search for leaks on GitHub and be surprised by the number of valid passwords and usernames of bank servers and staff being leaked to everyone. At least 99% of banks had a valid leaked password on GitHub. Think about how easy it is to get details of your organization on GitHub. Type: the “mybankwebsite.com” password and see interesting passwords belonging to that bank.
In a nutshell, your login username and password are not safe enough to keep your money from being moved by hackers, since your bank is this exposed to vulnerabilities.