The technique hackers used to break into Citigroup’s network last month was at once clever and simpler than security researchers expected, a report from the New York Times says.
According to the article, hackers were able to log onto a site used by the credit card company’s customers to gain access to their network and further their probe by inserting assorted account numbers into their browser’s URL bar. The code they used simply repeated the action thousands of times over and gathered the bank’s customers’ sensitive data.
“It would have been hard to prepare for this type of vulnerability,” said one security researcher in an interview citing the sophisticated nature of the attack. The anonymous researcher went on to question just how an attacker could’ve known that targeting the browser would be so successful.
The attack, discovered during a scheduled check in May, yet not disclosed until last Thursday, harvested the names, e-mail addresses and account numbers of 200,000 Citigroup customers.
Read more on this from the New York Times.