Many have called on GTBank to promptly address the situation and provide reassurance about the safety of customer data."
Concerns have been raised by numerous Nigerian social media users, particularly on X (formerly Twitter), regarding reports of a potential security breach on Guaranty Trust Bank's (GTBank) website.
Users have shared screenshots of the allegedly compromised website, sparking worries about the security of their personal and financial information.
Many have called on GTBank to promptly address the situation and provide reassurance about the safety of customer data."
An X user, SERAH Ibrahim said the suspected hacking started on Wednesday night. She added that the suspected hackers have created another HTTP layer of the website in an apparent ploy to steal customers’ data through phishing.
SERAH Ibrahim wrote: “Suspected cybercriminals appeared to have compromised the domain address of Nigeria’s banking giant GTBank since Wednesday night, 14th August, 2024.
“The incident came a day after the domain name was renewed for another five years from August 13, 2024, through March 21, 2029, according to multiple online platforms that analyse domain information.
“No hacker has claimed responsibility for the vandalism yet, which appeared to have started midnight yesterday, August 14.
“Already, the attackers appeared to have created another HTTP layer of the website in an apparent ploy to steal customers’ data through phishing.
“A cybersecurity expert with experience in the Nigerian banking industry said it was possible that the bank’s login details were compromised, as against the domain address itself being stolen for a resale at a more lucrative deal online.
“This phishing attack has now caused Gtbank's domain name to be owned by someone else, either by the hackers or whoever they choose to sell it to.
“This brings the question if GTBank, being one of the biggest banks in Nigeria, did not have a DNSSEC set up which would have prevented or mitigated this hack.
“The bank’s mobile infrastructure did not appear to have been affected for now, as Android and iOS-based applications are still in operation.
“One thing is for sure, a lot of GTBank staff would definitely be losing their jobs this week.”
Another X user, Bakhpa expressed worry that the bank had not addressed its customers officially on the alleged hacking of its website.
The X user wrote: “No official communication from @gtbank yet and its over 24hours since they have been under a cyber attack, this is a clear breach of #NDPR as it has affected our rights and freedom.”
Olayemi said, “About a week ago, I noticed that GtBank SSL certificate had expired. I immediately confirmed this by visiting the site through a Google search. It's shocking that a whole bank allowed their SSL certificate to expire. Now, the domain has expired and been purchased by someone else.”
“I assume the person in charge of renewing the certificate has resigned, and HR hasn't acted swiftly to fill the role. The organization will now have to spend a fortune to recover the domain, or even worse, secure a new one, which is highly detrimental for a fintech business,” the X user added.
Fawaz Momoh, who identified himself as a web developer, said the bank website is currently having problems because the management failed to renew as and when due.
He said: “The @gtbank domain takeover is most likely a false information. I am not saying it's 100% false, but here is why I don't think it's true. From what I know as a web developer, what could have happened is that the domain expired and they (GTbank) didn't renew it before it went down.
“Now, during that expiration period, the website will still be theirs but it will not show the proper information again it is renewed.
“A domain takes about 30-60 days for it to be available on the internet again and at that time it can be purchased by anyone else. What I mean is that if the domain is not renewed within 60 days, then the website will be available on the internet again for free purchase.
“At that time, the previous date it was bought will no longer be valid. It will change to the new date it was bought. As long as it wasn't renewed within 60 days.
“Meanwhile, the website will be down for those 60 days (which is not what happened here).
“From what we can see, the date still shows 2002, that means it didn't leave GTbank's possession, if it did, then it would have shown the new date it was bought (which would probably have been on the August 13th, the last time it was updated).
“Now, if you look at the date again, the domain was registered on the 21st of March, 2002 to expire 21st of March, 2029. If it was taken over, that date will not be the same because domains are usually purchased in years.
“That means it expires years later exactly on the same day of the year it was purchased.
“To prove that nothing happened to GTbank and it was probably a downtime in my opinion, I looked up other banks and their records and found an almost exact replica of GTbank's info; First bank.
“Look at the images in this thread, you will see that both banks use the same information. Some hosting providers fill in this information for you especially when you choose to make your ownership private.”