Security | 17.04.2026

South African payment processor breached, source code allegedly stolen

Adumo, one of the largest payment processors in South Africa, which processes over R100 billion annually, has allegedly been breached, with critical source code material stolen.

According to a post on a dark web forum, the threat actor is offering what is claimed to be Adumo’s sensitive technical database information and source code for sale at R114,000.

MyBroadband reached out to Adumo to ask whether the company was aware of the breach and whether it was taking steps to mitigate the damage from the alleged sale of internal data.

“Adumo is aware of information circulating online and is conducting an internal investigation to verify its source and scope,” the company’s representatives told us.

“No internal systems have been compromised, and our investigation, at this stage, points to an external system that was previously used to share files with integration partners.”

The forum post indicates that the haul consists of 15,456 files totalling 14GB and includes multiple versions of virtual card application (VCA) installers and Adumo’s transaction processing environment.

It also contains payment system components that Adumo uses to integrate with retail management suite DataSmith, and card operation source code.

This includes processes called “cardActivate, cardAllocate, cardDebit, cardRefund,” and others. There is also complete source code for how Adumo’s card machines work.

In 2024, Adumo was acquired by Nasdaq-listed South African financial technology company Lesaka Technologies for $96.2 million (R1.67 billion at the time).

The purchase meant that Adumo could continue to scale across Lesaka’s business operations, reach more customers and also integrate its processes with Lesaka’s own.

Adumo representatives said that the sale of the compromised material “does not impact Adumo’s business operations.” No customer data has been affected.

However, the leaking of source code or other internal system processing information, even if it is routinely shared with partners, could lead to serious consequences in the wrong hands.

Source code leaks can expose zero-day vulnerabilities

Post on a dark web forum claiming responsibility for the Adumo breach. Source: Dark Web Intelligence

International cloud security firm Wiz explained that a source code leak can lead “to severe security vulnerabilities and intellectual property theft.”

“For instance, unverified container images from public registries can introduce malicious code into an organisation’s software supply chain, exposing critical vulnerabilities.”

In Adumo’s case, its entire set of InnerEdge Docker Images was allegedly stolen in the breach and is now up for sale on the dark web forum.

Cybercriminals employ various methods to steal source code from companies, most commonly through phishing and social engineering tactics targeting employees.

Serious examples of source code leaks in the past include a May 2020 incident in which source code for Microsoft’s Windows 10 operating system was leaked online.

“The breach raised immediate security concerns because the exposure of source code could allow hackers to uncover and exploit vulnerabilities within the system,” said Wiz.

Payment processors could suffer more severe consequences, as cybercriminals can study the source code at their leisure (after buying it for R114,000) and plan more sophisticated attacks.

Adumo’s alleged breach is another recent example of potentially serious cyberattacks affecting financial institutions in South Africa.

On Thursday, MyBroadband reported that a threat actor stole 1.2TB of company and customer data from Standard Bank’s internal systems after they allegedly spent 3 weeks exfiltrating data undetected.

The bank had previously reported the breach but only indicated that a small number of customers were affected. It said that limited credit card information, excluding CVV numbers, was published online.

Standard Bank said it would be in contact with individual customers should their credit card information be part of the breach.

“Our transactional banking and core operating systems were not accessed, remain secure, and are available to all our clients and employees,” Standard Bank had said in March.

“During this period, we continue to work tirelessly to engage with our clients who have been impacted. This will continue while we make meaningful progress in our investigations into the incident.”
