The Editor,
I am a Cyber Security Engineer living in the U.S. Last month, I informed LBDI of a critical security vulnerability affecting its internet banking site. I provided a detailed description of the vulnerability.
LBDI promised to fix the problem. The site was taken offline for several weeks. Information I have suggest the critical security vulnerability was not mitigated.
As an ethical hacker, I feel the need to report this problem to you with the aim of informing the public including LBDI’s customers of the security risk they face. I do not believe LBDI understands the magnitude of this security flaw.
Anyone with knowledge of this vulnerability is able to view the bank statements (which includes Account Number, Transaction History, Account Balance, etc) of every LBDI’s customer.
The list includes Cellcom, LibTelco, AME Univ., Ministry of Justice, Daily Observers, etc.
Frosty Hammy,
[email protected]