Nasdaq bulletin boards breached by hackers

Nasdaq has warned users of its community bulletin boards that hackers have broken into the site and may have compromised user e-mail addresses and passwords.

  4 Be the first to comment

Nasdaq bulletin boards breached by hackers

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Nasdaq has sent an e-mail alert to Community forum members warning them of the breach and advising that they change their passwords on other Websites where the same codes are in use.

The US exchange says that trading and e-commerce systems and transactions were unaffected by the break-in.

The attack is the second successful breach on Nasdaq security in as many years. In 2010, hackers broke into Nasdaq OMX's Directors Desk, a Web-based service that lets management and board members of listed companies share confidential documents securely. An FBI investigation into the incident subsequently found out-of-date software, misconfigured firewalls and uninstalled security patches on the exchange operator's PCs.

Security expert Graham Cluley suggests that similar sloppy practices may have been behind the most recent breach.

"My guess is that the servers running the Nasdaq community messageboard software had not been properly configured or not kept updated against vulnerabilities, and this allowed hackers an open window to access sensitive information," he says. "Worryingly, there is no mention of passwords being securely encrypted suggesting that the site could have been storing users' passwords in an insecure fashion up until now."

While users have been warned of the transgression, visitors to the site are currently greeted with a blank page and economical message: "We are currently upgrading the Nasdaq.COM Community site. We apologize for the inconvenience."

Sponsored [Webinar] PREDICT 2025: The Future of Faster Payments in the US

Related Company

Keywords

Comments: (0)

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates