“SJ-systems hacked – all passwords are changed”
“SJ has been the victim of a fraud and the login information has been leaked. Clients have even received their so-called priopoäng stolen. Now, all of the 1.3 million users change the password.”
“– We take this very seriously, to take such measures is not something that you do lightly, ” says Jan Sjölund, head of security at SJ.”
“the Fraud was already more than three weeks ago, between 18 and 20 november. First, on Wednesday, the day the company went out with that infringement has occurred.”
“SJ has identified 60 customers that have suffered and lost priopoäng. Points are earned on travel and can then be used to purchase travel or merchandise with the company. Customers have been compensated for with the points they have lost, according to SJ.”
” What we have been able to see so far, so it is with the greatest probability of members who used the same password on other sites that have been affected. Passwords have been leaked and then you have these fraudsters been able to use the passwords to get into our site, ” says Jan Sjölund.”
“the Passwords have not been leaked from SJ, according to the chief of the security services.”
“After the intrusion forced all of the 1.3 million who have a priokonto of the railway company to change the password. All the passwords have been disabled and the company will send in a couple of days out e-mails where they ask users to choose a new. The company has also closed its poängshop for several goods and services.”
“– There are services where you have products that are more marketable than others, ” says Jan Sjölund and adds that the purchase of travel with the priopoäng remains open.”
“When varutjänsten can open again is not clear.”
“He does not want to go into how huge amounts of money disappeared or how the points have been used by the fraudsters with reference to SJ have been reported to the police the incident and that an investigation is conducted.”
“According to the SJ has no credit card details are leaked as they are stored encrypted in an external party.”
“Jan Sjölund says that because the fraudsters have logged in with the proper login credentials so we know SJ is not exactly how many customers have been affected.”
“– It is impossible for us to see when the person has the correct password. You will discover that it is missing points and that it made transactions that you do not recognize, then you should contact us, ” says the security manager.”
“He points out that the SJ takes infringement very seriously and care about customer security when they use the company’s system. At the same time, it is difficult to protect themselves when the password leaks that people are using in other sites, according to Sjölund.”
“– Which, one should always consider that individual to have a unique password for each site.”