According to our friends at Pindula News, CABS’s payment system might have been hacked and the hacker is said to be withdrawing funds. This is a developing story and the bank has not yet commented on the issue.

What we know

According to one Mark Oxley who works for St George’s College in Harare, he was a victim of the alleged hack. He then went to Borrowdale Police Station upon which he learnt he was the sixth person to report such a case involving CABS.

Someone has got illegal access to the CABS payment system.Funds are being withdrawn from accounts. Reports are being made at the moment to Police Stations.

I am at Borrowdale Police Station and they have just recorded their sixth report this morning. If you have a CABS Platinum account check with CABS urgently

Mark Oxley

The questions we have

Now the nature of this alleged hack is not yet clear to us. Is this a widespread hack or is this limited to Platinum Account (therefore affluent) holders? Is this a technical hack or just social engineering. The former would be the bank’s fault but the latter can scarcely be called a hack and there is little the bank can do. Is there a third party involved?

Zimbabwe’s banks place a little to much value on the OTP (One Time Pin) which they normally sent to users via SMS. Accessing this OTP has allowed hackers to empty people’s accounts in the past. Now the SMS system itself is inherently insecure and if there is a third party who can access these OTPs before they can expire or are used then hacking Zimbabwean accounts should relatively be easy.

That’s what we mean by is there a third party involved. Is this alleged hack, for example, a result of insecurities with OTP?

We are just spinning around here and have to wait for some communication from CABS and the authorities.