The Monrovia City website appears to have been hacked again and one resident believes that the apparently compromised city web site may be being used to steal the credit card information of Monrovians paying their bills online. (See UPDATE below.)
Look at the two Google search-result images above. On the first image notice the Google warning after the city's green web address: "This site may be compromised."
Now look at the second image, and notice the second and third search results, advertisements for Viagra. Those are not websites pretending to be Monrovia, however. If you click on the Viagra-ad links, they actually go to the City of Monrovia web page.
This was brought to my attention by a computer-savvy former co-worker and fellow Monrovian, who suspects the site may be being used to steal credit card numbers, his in particular. He writes:
"Over a month ago, I did a search to get to the city's site. If you do so on Google, you'll see that they've posted a 'this site may be compromised' . . . I took a print out down to the city and they said they'd have their technical guy look into it. They haven't. As you'll see, if you search for the monrovia public library, you'll get ads for viagra and cialis. This is called a pharma hack. Here's some info on it: http://digwp.com/2010/07/wordpress-security-lockdown/#pharma-hack ...
"This is pretty important because I used the site to pay my utility bill with a 2 month old debit card. Less than 14 hours later, the card was used in at a pharmacy in South Carolina. Like you, I'm pretty careful online and I've never had my number compromised until I clicked through to the city's site."
Opinion: Um, yes, this is pretty important. If this has taken a month to address, that is a very bad reflection on the city. Note, if you read the accompanying link here, the hack doesn't change the appearance of the city web page, but that doesn't mean it hasn't been hacked.
UPDATE: As I look at the bill-paying option on the city website it appears that it is actually being hosted at another site, munisselfservice.com, so I'm not sure that a hack of the Monrovia city site would allow credit card info to be stolen.
- Brad Haugaard
No comments:
Post a Comment