Hackers steal 2.7 million dollars from Citibank customers

On 10 May 2011 have been unknown hacker Data 360 083 customers from the U.S. servers Citibank with a simple URL trick captured. Now the hackers have started to loot the bank accounts of victims and stealing money. The Wall Street Journal reports that since 3400 accounts for at least a total of 2.7 million U.S. dollars had been relieved. The hackers managed to access the service Citi Account Online, where she had access to almost two percent of the approximately 21 million customers in North America.

The operation itself succeeded them by a simple gap in the Web server. You only had to make a simple change in the URL. It would be necessary to login with a valid account in the customer area of credit card customers. Then you could simply include a high number in the website address to obtain the data of other customers. With the help of a script they did the tens of thousands of times security codes or social security numbers of credit cards they did not obtain, however.

Nevertheless, it is now possible for hackers to withdraw an average of almost 800 U.S. dollars. Citigroup had noticed the intruder during a routine inspection. Until 8 June he was finally made ​​public. Citigroup announced that pay for the damage. However, it should be 217 657 with only two thirds of the affected credit card reissued.

Source: heise