HomeCommunitySecurity Blog

Security Blog

 

Citibank Hacked - Your Money is No Longer Safe

Posted By Pete at 2:46 PM, June 16, 2011

First there was Barracuda Networks, then the Sony Playstation Network, now it's Citibank. This is a disturbing trend of large sites and networks being hacked and the hackers getting away with thousands/millions of customer records. The really big one - the Playstation Network hack could have potentially exposed critical data (credit card numbers, names, emails, passwords) of over 70 million of its customers. However, from my point of view the recent Citibank hack was even more alarming.

The hackers went straight to the source for this one. The Citigroup has indicated that over 360,000 customers had their financial data exposed in the attack. The hackers were able to access this data through a vulnerability in the Citibank Web site. The attackers used a Web parameter tampering method by adding account numbers into the URL string in the browser.

I'm surprised that with so much at stake, this vulnerability wasn't found internally earlier and patched. This just goes to show that there isn't enough vulnerability testing in both the software development or deployment phases.

I hope the rest of the banking industry takes note and fortify their defenses, otherwise people might be better off hiding their hard earned cash in their sofas.

Posted by: Pete at 2:46 PM
Categories: General

No TrackBacks

TrackBack URL: http://prosecure.netgear.com/cgi-bin/mt/mt-tb.cgi/124

Comments