International financial institution HSBC reported it was breached in October. According to company names, addresses, transaction history, account information and more leaked.
In a Communication [PDF] filed in the State of California, the bank stated that it was aware that some online accounts were accessed by unauthorized users from October 4 to 14. The hack affected a fraction of the bank's American customers (less than 1 percent of its American customer base), the company told the BBC, but exact numbers have not been released at this time.
Spread names, addresses, birthdates, and account balances, transaction histories, and account numbers.
"HSBC deplores this and takes responsibility for protecting its customers," the bank said in a statement.
We have warned customers whose accounts may have been tampered with, and we offer them a one-time anti-theft service in their transactions.
The hack seems to have been done with brute force attacks. Attackers managed to find passwords using automated account credentials.
Bryan Becker, application security researcher at WhiteHat Security Reported:
In general, banks require some form of authentication two factors, and this stops any attack he uses credential stuffing. So we have the question: Why wasn't HSBC using two-factor authentication, or if it was, what was it? real cause of the breach?
______________________________
- KJ Magnetics: How to cook an egg with magnets
- Browsers & browsing history: released 4 0day
- Internet List of countries by number of users
- Cinnamon 4.0 stable: just released
- Microsoft Jet 0Day: update does not fix it
- Chrome disable auto-login
- LibreOffice 6.1.3 New Release from Document Foundation