For several days, testimonials from customers of the second-hand product sales site have been multiplying concerning piracy cases.
A Vinted kitty filled by the sales made and which disappears overnight. This is the unpleasant experience experienced by many users of the Lithuanian second-hand sales platform in recent days. According to information from Parisianseveral hundred people would be affected by this elaborate hack.
The kitty (or “wallet”) of Vinted, normally allows members to securely collect the fruit of their sales and to be able to buy with this same jackpot. If they wish, users can also transfer the amount of their kitty to their bank account.
Up to 800 euros stolen
Cybercriminals have thus not carried out “mass” hacking, but are mainly concentrated on very large kitties, with sometimes more than 800 euros collected on a single kitty. And piracy is not concentrated only in France, where Vinted has a large part of its clientele, but also in Spain or Italy.
To succeed in siphoning off these numerous jackpots across Europe, the pirates would not, however, have had direct recourse to Vinted according to the statements of the platform at Parisian. The connection information used, such as usernames or passwords, would have been obtained thanks to data consulted during a previous hack on the Internet.
However, some users have received text messages, emails or calls informing them that a change of contact details was in progress on their account. But thinking of a scam or phishing, many did not react. Others could not even realize the scam in progress since the hackers directly changed the RIB associated with the account, a maneuver which does not require any approval by email or SMS, to recover the money later.
Blocked accounts
To prevent the hacked users from reacting in turn, the cybercriminals also managed to have their account blocked by Vinted, by posting pornographic content on the account.
In addition to the pots, hackers have also managed to recover the bank details of some members. According to screenshots provided by victims to the Parisianthe stolen money would have been sent to Germany, Ireland or Luxembourg.
Vinted now shows an unusual message when users attempt to redeem their kitty.
“Transfers to a bank account may be taking longer than usual. We’re sorry for the inconvenience.”
However, the Lithuanian platform specifies to the Parisian that people who have been victims of this hack will be compensated in the event of money lost on their wallet.
