Core MTN mobile money services were not affected at any stage – MTN


In order to dissuade its worried customers, MTN Uganda Limited has today released a statement in which it has clarified that its cores mobile money services were not affected by the hack that took place last week which caused the companies, MTN, Airtel and Stanbic Bank to lose billions of money in the attack.

“The core MTN Mobile Money services … were never affected nor compromised at any stage” reads the statement from Win Vanhelleputte, the Chief Executive Officer (CEO) of the MTN. The core services that were listed include cash deposits, withdrawals, person to person (P2P) transactions and MoMo payments. It also did not affect customer mobile money account balances.

The CEO has gone on in the statement to assure customers and the concerned that investigations are still ongoing by the police to identify “the root cause of the incident”.

“We are confident the Uganda Police Force will conclude their investigations timeously and take appropriate action against the culprits” reads the statement.

He also assures customers that the company mobile money platform “complies with the highest international ICT security standards” and that it is also “subjected to regular assessments and reviews by internal and external assurance providers”.

Hackers last week broke into the system of Pegasus Technologies, a company that handles MTN and Airtel money and its transactions with Stanbic Bank.

Advice from Infotesters on internet security

According to an analysis of the hack by Infotesters, they state that hackers are known to “target financial institutions over weekends when there is less activity and reduced vigilance” as this is the easy time to “strike, withdraw the cash and cover up by the time the weekend is over”, one of their releases reads.

The cyber security firm also highlights how hackers normally make their attacks which they list to include a ransomware messages, a fake antivirus message, or where internet searches are redirected, your friends receive social media invitations from you that you didn’t send, your online password isn’t working, observe unexpected software installs, your mouse moves between programs and makes selections, your online account is missing money, your confidential data has been leaked, and others. They therefore believe that one of these could have been used to issued out the attacks, but the actual mode will be revealed by the ongoing police investigations.

Infotesters advises that for companies and financial institutions to avoid those attacks, they should use two-factor authentication, “a multi-factor method that requires users to input different pieces of evidence before they are granted access to the account or system”. They are also advised to review the security of the open-source software and ensure it is secure for use before adoption.

In their analysis, Infotesters add that “Enterprises and individuals must take the time to make sure they build a powerful security foundation and avoid using unsecured Wi-Fi networks” and that as they do that network functions that are not being used should always be turned off. Among the alternatives also includes updating and installing a brand new security patch which usual comes with different phone or PC operating systems.