Concerns have been raised by numerous Nigerian social media users, particularly on X (formerly Twitter) as hackers attempt to take over Guaranty Trust Bank’s (GTBank) website.
GTBank is a leading commercial bank in Nigeria and Africa that provides a range of financial products and services, including retail banking, corporate banking, investment banking, and asset management.
The incident reportedly began on the night of August 14, 2024, just a day after GTBank renewed its domain name for another five years.
Some reports claimed that the hackers had created a fake version of the GTBank website to carry out a phishing operation to steal customer information.
This led to a flurry of customer complaints on social media, particularly on X (formerly Twitter), where users reported being unable to access the bank’s website to conduct transactions.
Fear over data breach
An X user, SERAH Ibrahim said the suspected hacking started on Wednesday night. She added that the suspected hackers had created another HTTP layer of the website in an apparent ploy to steal customers’ data through phishing.
SERAH Ibrahim wrote: “Suspected cybercriminals appeared to have compromised the domain address of Nigeria’s banking giant GTBank since Wednesday night, 14th August 2024.
“The incident came a day after the domain name was renewed for another five years from August 13, 2024, through March 21, 2029, according to multiple online platforms that analyse domain information. No hacker has claimed responsibility for the vandalism yet, which appeared to have started at midnight yesterday, August 14.
“Already, the attackers appeared to have created another HTTP layer of the website in an apparent ploy to steal customers’ data through phishing. A cybersecurity expert with experience in the Nigerian banking industry said the bank’s login details might have been compromised, as against the domain address itself being stolen for a resale at a more lucrative deal online.
“This phishing attack has now caused Gtbank’s domain name to be owned by someone else, either by the hackers or whoever they choose to sell it to. This brings the question if GTBank, being one of the biggest banks in Nigeria, did not have a DNSSEC setup that would have prevented or mitigated this hack.
“The bank’s mobile infrastructure did not appear to have been affected for now, as Android and iOS-based applications are still in operation. One thing is for sure, a lot of GTBank staff would be losing their jobs this week.”
Another X user, Bakhpa expressed worry that the bank had not addressed its customers officially on the alleged hacking of its website.
The X user wrote: “No official communication from @gtbank yet and it’s over 24 hours since they have been under a cyber attack, this is a clear breach of #NDPR as it has affected our rights and freedom.”
Olayemi said, “About a week ago, I noticed that the GtBank SSL certificate had expired. I immediately confirmed this by visiting the site through a Google search. Shockingly, a whole bank allowed their SSL certificate to expire. Now, the domain has expired and been purchased by someone else.”
“I assume the person in charge of renewing the certificate has resigned, and HR hasn’t acted swiftly to fill the role. The organization will now have to spend a fortune to recover the domain, or even worse, secure a new one, which is highly detrimental for a fintech business,” the X user added.
Fawaz Momoh, who identified himself as a web developer, said the bank website is currently having problems because the management failed to renew as and when due.
He said: “The @gtbank domain takeover is most likely false information. I am not saying it’s 100% false, but here is why I don’t think it’s true. From what I know as a web developer, what could have happened is that the domain expired and they (GTbank) didn’t renew it before it went down.
“Now, during that expiration period, the website will still be theirs but it will not show the proper information again it is renewed.
“A domain takes about 30-60 days for it to be available on the internet again and at that time it can be purchased by anyone else. What I mean is that if the domain is not renewed within 60 days, then the website will be available on the internet again for free purchase.
“At that time, the previous date it was bought will no longer be valid. It will change to the new date it was bought. As long as it wasn’t renewed within 60 days. Meanwhile, the website will be down for those 60 days (which is not what happened here).
“From what we can see, the date still shows 2002, which means it didn’t leave GT bank’s possession, if it did, then it would have shown the new date it was bought (which would probably have been on the August 13th, the last time it was updated).
“Now, if you look at the date again, the domain was registered on the 21st of March, 2002 to expire 21st of March, 2029. If it was taken over, that date would not be the same because domains are usually purchased in years.
“That means it expires years later exactly on the same day of the year it was purchased. To prove that nothing happened to GTbank and it was probably a downtime in my opinion, I looked up other banks and their records and found an almost replica of GTbank’s info; First bank.
“Look at the images in this thread, you will see that both banks use the same information. Some hosting providers fill in this information for you especially when you choose to make your ownership private.”
This incident highlights the growing threat of cyberattacks on financial institutions in Nigeria, where hackers increasingly target bank websites to steal data through phishing schemes and other malicious activities.
However, GTBank’s mobile applications on Android and iOS devices remained functional during this period.
We don’t store customer information on our website, GTBank says
Guaranty Trust Bank (GTBank) has confirmed an attempted hacking incident on its website, addressing recent media reports that claimed hackers had seized and cloned the bank’s website, intercepting customer data.
In a statement released on Thursday, the bank clarified that while there was an isolated attempt to compromise its website domain, the website had not been cloned, and no customer data was at risk.
GTBank assured its customers and stakeholders that the bank does not store customer information on its website, thereby eliminating the possibility of any data compromise. The bank emphasized that the reports circulating in the media were inaccurate and should be disregarded.
The statement noted that the bank’s Information Security Experts are currently working round the clock to restore domain settings.
GTBank also reaffirmed its unwavering commitment to safeguarding customer data, urging customers to remain calm and confident in the bank’s robust security measures.
The statement read: “Our attention has been drawn to reports in the media alleging that hackers have seized the Bank’s website, cloned it and intercepted customer data.
“While there was an isolated incident of an attempt to compromise our website domain, we would like to assure all our Customers and Stakeholders that the Bank’s website has not been cloned and that we do not store customer information on our website, and as such, there has been no instance of compromise of customer data.
“Our dedicated team of Information Security Experts are currently working round the clock to restore domain settings, and we can assure our customers that our website will be up shortly.
“We urge all our Customers to please disregard the claims in these media reports and assure you of our unwavering commitment to safeguarding customer data.”
YOU MAY ALSO READ: France honors African Soldiers for their role in 80th anniversary of WWII allied invasion