Incident Overview

A threat actor using the handle "bigbandz" claims to be selling merchant account access for WEX corporate payment system. The access includes SOAP API keys with visibility to all daily payments made, along with the ability to issue payments and cards using the API key. The system uses XML SOAP envelope schema.

• Access Type: Merchant account for WEX corporate payment system
• API Type: SOAP API Keys using XML envelope schema
• Capabilities: Visibility to all daily payments made through the system
• Fraud Potential: Ability to issue unauthorized payments and cards using the API key
• Example Request: XML version 1.0 with UTF-8 encoding using SOAP-ENV:Envelope schema
• Example Response: XML version 1.0 with utf-8 encoding returning soap:Envelope with XMLSchema-instance
• Auction Details: Ends 24 hours after first bid
• Starting Bid: $500
• Step Increment: $100
• Blitz Price: $1000