The international financial institution HSBC said it was violated in October. According to the company, names, addresses, transaction history, account information, and more have leaked.
In a Communication [PDF] filed with the state of California, the bank said it was aware that some online accounts were accessed by unauthorized users between Oct. 4 and Oct. 14. The hack affected a fraction of the bank's US customers (less than 1 percent of the US customer base bases), according to the company's statements to the BBC, but for now no exact numbers have been released.
Spread names, addresses, birthdates, and account balances, transaction histories, and account numbers.
"HSBC deplores this and takes responsibility for protecting its customers," the bank said in a statement.
We have warned customers whose accounts may have been tampered with, and we offer them a one-time anti-theft service in their transactions.
The hack appears to have been done with brute force attacks. The attackers managed to find out codeof access using automated methods of checking account credentials.
Bryan Becker, application security researcher at WhiteHat Security Reported:
Σε γενικές γραμμές, οι τράπεζες απαιτούν κάποιον έλεγχο ταυτότητας δύο παραγόντων, και αυτό σταματάει κάθε επίθεση που χρησιμοποιεί credential stuffing. Έτσι έχουμε το ερώτημα: Γιατί δεν χρησιμοποιούσε η HSBC έλεγχο ταυτότητας δύο παραγόντων, ή, αν χρησιμοποιούσε, ποια ήταν η πραγματική αιτία της infringements?
______________________________
- KJ Magnetics: How to cook an egg with magnets
- Browsers & browsing history: released 4 0day
- Internet List of countries by number of users
- Cinnamon 4.0 stable: just released
- Microsoft Jet 0Day: update does not fix it
- Chrome disable auto-login
- LibreOffice 6.1.3 New Release from Document Foundation