The German webσελίδα of Citroen, the French car manufacturer, is hacked. The company has notified authorities and an investigation into the breach has already begun. According to the newspaper The Guardian, the attackers planted a backdoor on shop.citroen.de, which allowed them to steal the data hosted on the company's server.
The automaker states that some of its customer information has been violated, but is not sure how many bills have been affected.
Hold Security's Alex Holden investigates the breach. The backdoor has been removed, but appears to have existed since August 2013. The codes access χρηστών και διαχειριστών έχουν αλλάξει και χρειάζονται επαναφορά, οι markets have been temporarily disabled, and customers are urged to monitor their bank accounts. This probably indicates that financial data has been leaked.
The case becomes even more interesting with the answer to the question, how did cybercriminals fail to violate Citroen's website?
Ο Alex Holden της Hold Security πιστεύει ότι οι εγκληματίες πίσω από την attack είναι οι ίδιοι με αυτούς που παραβίασαν την ιστοσελίδα της Adobe, της PR Newswire και άλλων χρηματιστηριακών εταιρειών το 2013. Στις περισσότερες από αυτές τις επιθέσεις, οι hackers εκμεταλλεύτηκαν vulnerable points in Adobe ColdFusion to gain access to the target company's servers.