Thehackers who recently attacked Citigroupand made of with the details of 200,000 customers used an extremely rudimentary attack that anyone could’ve pulled off, theDaily Mail reports.
All one needed to access other users’ information was a Citigroup account and a lot of spare time. After logging into the Citigroup credit card customer area of the site, accessing the information of other customers was simply a matter of replacing the account number in the browser’s URL bar with another number.
In short, potential thieves just needed a few lucky guesses to take other customer’s money.
This explains why the attack wasn’t spotted until May: it was the equivalent of a “no forced entry” break-in, using horribly lax authentication to access parts of the site without circumventing security measures.
If this is what online banks deem to be a secure system, I think I’ll put my cash under my mattress and sleep with a shotgun. Even with my non-existent aiming abilities, it’ll be safer.
Story byJoel Falconer
Joel Falconer is the Features Editor at TNW. He lives on the Gold Coast, Australia with his wife and three kids and can sometimes be found g(show all)Joel Falconeris the Features Editor at TNW. He lives on the Gold Coast, Australia with his wife and three kids and can sometimes be foundgamingorconsulting. Follow Joel onTwitter.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
