Hackers Hack Payoneer Accounts From Argentina Using 2FA Bypass

News, AntaraNews – Payoneer users from Argentina are reporting that funds have been stolen and their 2FA-protected accounts hacked after they received SMS OTP codes while sleeping.

Payoneer provides online payments and electronic money transfers. The platform is very popular in Argentina as it allows users to make money in foreign currencies without being subjected to local banking laws.

Starting last weekend, users reported that Payoneer accounts in Argentina protected with two-factor authentication (2FA) were suddenly inaccessible.

They report that they received an email asking them to approve a Payoneer password reset, which they did not do. Most users claim that they never clicked on the URLs. Others say they only saw the SMS after the heist was completed.

Many of those affected claim that the stolen money was sent to an unidentified email address on 163.com.

Local journalists who interviewed and tracked victims found that they are mostly Movistar customers.

It has been suggested that the hacks may have been caused by a data leak from Movistar. However, this leak did not reveal the email addresses of users, and these are needed to reset the password on Payoneer.

One theory is that a breach at the SMS service provider used to send OTP codes allowed threat actors to gain access to the codes sent from Payoneer.

Unfortunately, a statement issued by Movistar and shared by Julio Ernesto Lopez did not respond to this theory. It simply stated that the provider of telecom services is not responsible if messages are sent via its network. Movistar, however, said it has taken measures to block the phone numbers that were used for the smishing campaigns.

The statement reads: “We are not responsible for messages sent (or the content of the message) by third parties using Movistar’s network.” (machine translated)

The above is not true. We’ve taken precautions with the numbers where some customers report receiving these communications.

Payoneer is still unsure of the exact nature of the attack, although it has acknowledged that it exists and is working closely with law enforcement to tackle the problem. The company believes the fraud was caused by phishing.

Tech reporter Juan Brodersen recently received a response from Payoneer, which places the blame squarely on users. It claims that users clicked on the SMS phishing messages and entered their login credentials on phishing websites.

Payoneer is accused of trying to shift responsibility, and not acknowledging a vulnerability or error within its platform.

Lopez told AntaraNews that Payoneer also requires you to enter a different SMS OTP when you change the destination address, followed by another code when you send money. This was not an ordinary phishing attempt to steal OTPs for a password reset.

If a 2FA bypass bug is what allowed the hacks, other countries may also be affected, as was the case last year with Comcast.

Due to the lack of clarity, it is difficult to determine how exactly this attack occurred. There are many hypotheses. Payoneer is vulnerable because it relies on SMS to provide 2FA. The platform also has a password recovery feature that only needs an SMS code.
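The weakness described above can be checked mechanically. The following is an added example, not part of the original report and not Payoneer's code: it models the account flows as the article describes them and computes what someone holding only the SMS channel can complete. The action names, the login requirements and the hardened policy with its "totp" and "email" factors are assumptions made for illustration.

```python
# Added illustration. Flow names, login requirements and the hardened
# policy are assumptions for this sketch, not Payoneer's actual design.

# Each action lists the factors it demands and what completing it yields.
ARTICLE_POLICY = {
    "reset_password":     {"needs": {"sms"},             "grants": {"password"}},
    "login":              {"needs": {"password", "sms"}, "grants": {"session"}},
    "change_destination": {"needs": {"session", "sms"},  "grants": {"destination"}},
    "send_money":         {"needs": {"session", "destination", "sms"}, "grants": set()},
}

# Hypothetical hardening: recovery and payouts need a factor that is not SMS.
HARDENED_POLICY = {
    "reset_password":     {"needs": {"email", "totp"},    "grants": {"password"}},
    "login":              {"needs": {"password", "totp"}, "grants": {"session"}},
    "change_destination": {"needs": {"session", "totp"},  "grants": {"destination"}},
    "send_money":         {"needs": {"session", "destination", "totp"}, "grants": set()},
}


def reachable_actions(policy, compromised):
    """Return, in order, the actions completable by whoever holds `compromised`.

    Fixed-point iteration: completing one action may yield a factor
    (a reset yields a new password) that satisfies later actions.
    """
    held = set(compromised)
    done = []
    progress = True
    while progress:
        progress = False
        for action, rule in policy.items():
            if action not in done and rule["needs"] <= held:
                done.append(action)
                held |= rule["grants"]
                progress = True
    return done


if __name__ == "__main__":
    for label, policy in (("article", ARTICLE_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, "policy, SMS channel alone reaches:",
              reachable_actions(policy, {"sms"}))
```

Under the article's description, the SMS channel alone satisfies every step, so the separate codes for login, destination change and transfer add no independent factor.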

Payoneer did not respond to an AntaraNews request for comment about the incident or the state of its investigation. They also declined to say whether they would offer compensation if it was discovered that the hackers were exploiting a flaw in their system.

Payoneer account holders in Argentina have been advised that they should either withdraw their funds or disable SMS 2-factor authentication and change their password until the issue is resolved.
