Nasdaq bulletin boards breached by hackers
18 July 2013 | 6118 views | 0
Nasdaq has warned users of its community bulletin boards that hackers have broken into the site and may have compromised user e-mail addresses and passwords.
Nasdaq has sent an e-mail alert to Community forum members warning them of the breach and advising that they change their passwords on other Websites where the same codes are in use.
The US exchange says that trading and e-commerce systems and transactions were unaffected by the break-in.
The attack is the second successful breach on Nasdaq security in as many years. In 2010, hackers broke into Nasdaq OMX's Directors Desk, a Web-based service that lets management and board members of listed companies share confidential documents securely. An FBI investigation into the incident subsequently found out-of-date software, misconfigured firewalls and uninstalled security patches on the exchange operator's PCs.
Security expert Graham Cluley suggests that similar sloppy practices may have been behind the most recent breach.
"My guess is that the servers running the Nasdaq community messageboard software had not been properly configured or not kept updated against vulnerabilities, and this allowed hackers an open window to access sensitive information," he says. "Worryingly, there is no mention of passwords being securely encrypted suggesting that the site could have been storing users' passwords in an insecure fashion up until now."
While users have been warned of the transgression, visitors to the site are currently greeted with a blank page and economical message: "We are currently upgrading the Nasdaq.COM Community site. We apologize for the inconvenience."