Ο international χρηματοπιστωτικός οργανισμός HSBC ανέφερε ότι παραβιάστηκε τον Οκτώβριο. Σύμφωνα με την εταιρεία they leaked names, addresses, transaction history, account information and more.
In a Communication [PDF] filed in her state California, η τράπεζα δήλωσε ότι γνώριζε ότι μερικοί διαδικτυακοί λογαριασμοί προσεγγίστηκαν από μη εξουσιοδοτημένους χρήστες από 4 έως 14 Οκτωβρίου. Το hack πρόσβαλε ένα τμήμα των Αμερικανών πελατών της τράπεζας (λιγότερο από 1 τοις εκατό της αμερικανικής πελατειακής βάσης της), σύμφωνα με δηλώσεις της εταιρείας στο BBC, αλλά προς το παρόν δεν έχουν κυκλοφορήσει ακριβείς αριθμοί.
Spread names, addresses, birthdates, and account balances, transaction histories, and account numbers.
"HSBC deplores this and takes responsibility for protecting its customers," the bank said in a statement.
We have warned customers whose accounts may have been tampered with, and we offer them a one-time anti-theft service in their transactions.
The hack appears to have been done with brute force attacks. Attackers managed to discover passwords using automated methods control of account credentials.
Bryan Becker, application security researcher at WhiteHat Security Reported:
In general, banks require a two-factor authentication, and this stops any attack using credential stuffing. So we have the question: Why did HSBC not use two-factor authentication, or, if it was using, what was the real cause of the violation?
______________________________
- KJ Magnetics: How to cook an egg with magnets
- Browsers & browsing history: released 4 0day
- Internet List of countries by number of users
- Cinnamon 4.0 stable: just released
- Microsoft Jet 0Day: update does not fix it
- Chrome disable auto-login
- LibreOffice 6.1.3 New Release from Document Foundation