The Hong Kong Police arrested 14 people suspected of stealing a total of HK$ 255,000 by digging up five victims' PPS online and phone payment system account log-in details via P2P tools.
According to the police, some of the victims stored their PPS log-in names and passwords in their computers and installed P2P software on the same machines. The suspects --13 men and one woman -- stole not only PPS log-in details but also the victims' mobile phone numbers that allowed them to forward SMSes containing one-time passwords and other notifications from PPS to other phone numbers, said the police.
By registering Hong Kong Jockey Club accounts to those stolen PPS accounts, the suspects -- with one-time passwords sent by PPS--were able to transfer money to other Jockey Club accounts they created, the police added.
Before reporting their situation to the police, one of the victims was informed by a bank that a large amount of money was transferred from his account while other victims found out Jockey Club accounts were registered to their PPS accounts without their knowledge, according to a media report by Chinese-language newspaper Ming Pao Daily.
Both PPS and the Hong Kong Jockey Club said the incident has nothing to do with the security of their systems.
Sign up for Computerworld eNewsletters.