How Citigroup hackers broke in 'through the front door'

Found on Daily Mail on Monday, 13 June 2011

They simply logged on to the part of the group's site reserved for credit card customers - and substituted their account numbers which appeared in the browser's address bar with other numbers.

It allowed them to leapfrog into the accounts of other customers - with an automatic computer programme letting them repeat the trick tens of thousands of times.

If that is all that it took - rotating through a bunch of numbers - it doesn't even qualify as a hack anymore. It also makes you wonder who the security professionals are these banks pay to avoid exactly those embarrassing mistakes.

Browse all articles« Previous « » Next »