IT-worker Victoria Alexandrova, who is the founder and CPO of KARAKUM Soft, insists that the situation in which fraudsters gained access to her «Diia» through the OTP bank ID created by the fraudsters and subsequently issued online loans in her name can be considered a hacking of «Diia».
IT-worker Victoria Alexandrova, who is the founder and CPO of KARAKUM Soft, insists that the situation in which fraudsters gained access to her «Diia» through the OTP bank ID created by the fraudsters and subsequently issued online loans in her name can be considered a hacking of «Diia».
«Dedicated to everyone who assures that „Diia“ has nothing to do with it. When the situation became public, people with a similar situation started contacting me. And all of them also had their accounts hacked through different banks and new devices were added through BankID. Why? Because this method makes it much easier to obtain loans. Each quick loan union has a choice: attach documents manually or through „Diia“. Of course, scammers do not have physical documents, so they hack „Diia“ and with its help the loan provider receives all the necessary information, just in a couple of clicks,» Viktoriya Alexandrova expressed her opinion on LinkedIn.
In this context, the IT professional explains what she considers an account hack.
«In short: ‘Account theft or hacking is a method of Internet fraud, as a result of which attackers steal your password and gain access to your profile’ or ‘Someone has logged into your account.’ So did the fraudsters gain access to my profile? They did. Did they log into it? They logged in! So it was a hack! Yes, it was preceded by a bank account hack, but both are hacking,» she is convinced.
At the same time, not all LinkedIn users from the IT environment agree with Victoria’s position in the comments.
«If you lost your apartment keys, an attacker found them, figured out when you would be away, opened the lock, entered your house, sat down at your computer where you are logged in to LinkedIn, and wrote obscenities to your manager — then LinkedIn wasn’t hacked, they got into your apartment. And even if you get fired after that, it’s not LinkedIn’s fault,» Product Manager Vitaliy Vladov draws an analogy.
In turn, Certified Digital Marketing & Project Manager Oleksandr Tynyk provides his own chain of recommendations on how to avoid such situations.
Let us remind you that the story of Victoria Alexandrova caused a significant resonance: the IT specialist stated that she had become a victim of fraud. Now she is a «borrower» in a number of financial institutions and microcredit organizations, although the specialist herself did not issue any loans.
As Victoria told dev.ua, unknown individuals logged into the «Diia» application via bank-ID in OTP-bank, using a third-party device for this.
The specialist claims that she filed a police report. She also managed to clarify the situation with the bank. «I clarified with OTP Bank. In 2022, I had an individual entrepreneur account there, to which I received a salary. Then the individual entrepreneur closed it, but the account was not. Well, it was hacked and a few days ago an account was created in the OTP application and a virtual card there. The number that was linked is my former number, which has been inactive for at least a year and a half,» she said .
In response to this situation, the Ministry of Digital Affairs commented that «Diia» on the contrary helped to quickly identify the problem, because thanks to push notifications about loans, the victim of fraudsters immediately learned that the attackers had taken possession of her data and were trying to get money.
«The attackers gained access to the victim’s BankID, which they used to apply for loans. They also used BankID to log in to Diia, but it is impossible to transfer a copy of a digital passport or apply for a loan through Diia without the owner and a digital signature,» the Ministry of Digital Affairs noted.
Sense Bank responded to dev.ua’s request that in the aforementioned situation, the loan was not issued based on the specified application due to security measures implemented by the bank to prevent fraud.
However, according to the victim, many other institutions approved these fake loans, and the situation has not yet been resolved.
