In one of the ballsiest bank break-ins in recent memory, a team of hackers based in Eastern Europe managed to crack open Citigroup’s massive store of their customers’ personal financial data. Just by hacking Citi’s customer website.
The hackers broke in by impersonating legitimate credit card holders on the Citibank website:
Once inside, they leapfrogged between the accounts of different Citi customers by inserting vari-ous account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times – allowing them to capture the confidential private data.
As per usual, it’s not clear just how much damage the hackers did. Citi is resolute in stating that the mess was “rectified immediately”. However, what is know is that the ill-gotten credit card information was most likely taken from one of the many illegal “online bazaars” that have risen in Eastern Europe. In hacker communities like HackZone.ru, cyber criminals broker for stolen credit cards to buy merchandise and rake in profits. A Citi security expert even confirmed the breach originated in the region.
The demand for stolen credit card information is also on the rise, resulting in in thieves getting bolder in the search for new accounts. Banks will have to improve their security practices, if only to keep up. [NYT, Image via Shutterstock]