The international financial institution HSBC said it was violated in October. According to the company, names, addresses, transaction history, account information, and more have leaked.
In a Communication [PDF] filed with the state of California, the bank said it was aware that some online accounts were accessed by unauthorized users between Oct. 4 and Oct. 14. The hack offended a portion of the bank's American customers (less than 1 percent of its American customer base), the company told the BBC, but exact numbers have not been released yet.
Spread names, addresses, birthdates, and account balances, transaction histories, and account numbers.
"HSBC deplores this and takes responsibility for protecting its customers," the bank said in a statement.
We have warned customers whose accounts may have been compromised and are offering them one year monitorings in their transactions an anti-theft service.
The hack appears to have been done with brute force attacks. Attackers managed to discover passwords using automated methods control of account credentials.
Bryan Becker, researcher better safetyof WhiteHat Security applications Reported:
In general, banks require some form of two-factor authentication, and this stops any attack that uses credential stuffing. So we have the question: Why wasn't HSBC using two-factor authentication, or if it was, what was the real reason for it? infringements?
______________________________
- KJ Magnetics: How to cook an egg with magnets
- Browsers & browsing history: released 4 0day
- Internet List of countries by number of users
- Cinnamon 4.0 stable: just released
- Microsoft Jet 0Day: update does not fix it
- Chrome disable auto-login
- LibreOffice 6.1.3 New Release from Document Foundation