19 February 2017

Citigroup hackers broke in through the public Website - NYTimes

15 June 2011

The hackers who made off with the personal account data of 200,000 Citigroup customers allegedly broke into the bank via its public Website, focussing on a simple vulnerability in the browser address bar.

One of the investigators working on the breach has told the New York Times that the attack was both simple and ingenious.

The NYTimes source, billed as a "security expert familiar with the investigation", said the attackers logged on to the part of the bank's site reserved for credit card customers and replaced their own account numbers, which appeared in the browser's address bar, with other numbers. Using a computer-based random number generator, the hackers created tens of thousands of possible account numbers, which opened the door to the profiles of other customers.
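The flaw described above is a missing server-side ownership check on an identifier supplied by the client. The following is an added example, not code from Citi, the NYTimes or Finextra: it puts a handler that trusts the account number from the URL beside one that authorises it against the logged-in session, and adds a log check for one session requesting many accounts it does not own. All names, account numbers and log entries are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the article): session user -> accounts owned.
OWNED = {"alice": {"4000123"}, "bob": {"4000456"}}
PROFILES = {
    "4000123": {"name": "Alice Example", "email": "alice@example.test"},
    "4000456": {"name": "Bob Example", "email": "bob@example.test"},
}


class Forbidden(Exception):
    """Raised when the session is not authorised for the requested account."""


def profile_vulnerable(session_user, account_param):
    # The flaw as reported: being logged in is enough, and the account
    # number taken from the URL is trusted without an ownership check.
    return PROFILES[account_param]


def profile_hardened(session_user, account_param):
    # Authorise every request against the authenticated session,
    # whatever identifier the client supplies.
    if account_param not in OWNED.get(session_user, set()):
        raise Forbidden(f"{session_user} may not read {account_param}")
    return PROFILES[account_param]


def flag_enumeration(requests, threshold=3):
    """Return session users who asked for >= threshold distinct accounts
    that are not theirs; requests is an iterable of (user, account)."""
    foreign = defaultdict(set)
    for user, account in requests:
        if account not in OWNED.get(user, set()):
            foreign[user].add(account)
    return sorted(u for u, accts in foreign.items() if len(accts) >= threshold)


# Constructed request log: (session user, account number in the URL).
SAMPLE_LOG = [
    ("bob", "4000456"), ("alice", "4000123"), ("alice", "4000456"),
    ("alice", "4000789"), ("alice", "4000790"), ("bob", "4000456"),
]

if __name__ == "__main__":
    print(profile_vulnerable("alice", "4000456"))  # another customer's profile
    print(flag_enumeration(SAMPLE_LOG))
```

With the ownership check in place, moving the account number out of the address bar becomes a secondary concern, because a guessed number no longer returns another customer's profile.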

Citi confirmed the breach last week, saying that names, account numbers and e-mail addresses had been compromised but not birth dates, social security numbers and card security codes, which are held elsewhere.

Thieves found Citigroup site an easy entry - New York Times

Finextra verdict: If true - and the NYTimes is careful to mask its source - this is a truly embarrassing security failure for Citi. Inserting customer account numbers into the visible display bar on the browser is a basic error. Heads must roll.
