Potential DDoS Attack on rmv.de: Lack of Response to Report Raises Concerns

In recent days, serious concerns have arisen regarding data security and service availability at one of Germany's major public transportation companies, the Rhein-Main-Verkehrsverbund (RMV). The DeutscheSec pentester team decided to investigate the situation that has alarmed the online community and users of the RMVgo app and the rmv.de website. The results of the analysis are troubling and suggest that the company may currently be the target of a Distributed Denial of Service (DDoS) attack.

A DDoS attack is a method in which attackers attempt to cripple a system or service by overwhelming it with an excessive number of requests or internet traffic. A DDoS attack can lead to service unavailability, delays in website functionality, and potential data leaks. This is a serious breach of online security that can have severe consequences for organizations and their customers.

The initial suspicions regarding the unusual behavior of the RMVgo app and the rmv.de website arose when an excessive load on the infrastructure and performance of these platforms was observed. However, upon closer examination, pentesters concluded that this behavior aligns more with the characteristics of a DDoS attack than with natural overloads.

In the graphics presented by DeutscheSec, clear irregularities in the performance and availability of RMV services are evident. What should serve as a reliable tool for public transportation appears to be vulnerable to significant disruptions at present.

What makes this situation even more concerning is the experience of one of DeutscheSec's pentesters, who encountered issues while using RMV services in Germany. The pentester in question reached out to the RMV company to report observed inconveniences and suspicion of a DDoS attack, but his concerns were dismissed and trivialized by RMV customer support. This behavior suggests that the RMV company not only fails to recognize the severity of the situation but is also unwilling to take appropriate measures to protect its customers from potential threats to their personal and financial data.

Currently, RMV requires customers to make payments for tickets using non-cash methods, which increases the risk of data leaks in the event of security vulnerabilities. Therefore, it is essential for RMV to issue an official statement regarding the security of its systems and assure customers that their personal and financial data are safe from cyberattacks and data breaches.

We appeal to the RMV company to take responsibility for the security of its customers and clarify the current situation. The company's past actions suggest that it does not take data security seriously and is not interested in safeguarding its reputation. This is not just a technical issue but also a threat to customer trust. Protecting the personal and financial data of users should be a top priority, and the company's transparency and responsiveness in the face of such a situation are crucial for maintaining customer trust.

Once RMV clarifies the situation and implements security measures, customers can use the company's services with greater confidence, knowing that their data is adequately protected. Data security and service availability are critical issues in today's digital world and should not be disregarded by any company.