News of a data breach at eSewa, Nepal’s first and leading online payment gateway, has been gaining a lot of attention on Twitter. However, according to the company's recent statement, the claim made on Twitter by the account ‘Aparichit’ seems to be a mere hoax. The Twitter account had posted several email IDs and passwords along with account balances, claiming to have hacked eSewa. To most people’s surprise, all of the leaked data was in plain text, which is quite questionable, as it doesn’t make sense for a company as big as eSewa to store data in plain text in the first place.
eSewa has confirmed that all of the information on the eSewa platform is stored in an encrypted format and is completely safe. The company also added that the situation might have occurred due to a breach of third-party sites through phishing, and that an investigation is being carried out.
Similarly, if you have been keeping up with the data leaks and breaches that have been going back and forth on Twitter over the last few months, you probably know the Twitter handle that goes by the name ‘SATAN’. ‘SATAN’ came out to defend eSewa, saying that the leaked data is fake and might have been gathered from previous leaks as well as bugs, and calling the whole situation a hoax.
Also, eSewa had posted its routine password change notice on Facebook prior to the news of the data leak, which confused a lot of people into thinking that the notice was eSewa's reaction to the leak. However, the company has confirmed that it was just its routine process to ensure safety.
eSewa’s official statement regarding the situation
eSewa has just released an official statement regarding the situation, confirming that the claim is a hoax and that the data was breached through different phishing/scam (third-party) sites. To further ensure safety, eSewa urges its users to change their passwords regularly and not to share them on any vulnerable third-party sites. eSewa had also recently received ISO certification for its Information Security Management System.
Based on the recent statement made by the company, we believe that the circulating news of an eSewa data breach is probably a hoax. Also, the fact that the leaked passwords were in plain text gives further evidence that this might be phishing rather than a hack of eSewa’s system. However, a company that is trusted by almost every sector in Nepal needs to be very sensitive to, and responsible about, such security concerns.