Hackers Hold European Central Bank's User Data Ransom

Hackers Hold European Central Bank's User Data Ransom

ECB Building

The stolen data is comprised of user contact information- including email addresses and phone numbers.

The European Central Bank learned of a digital infrastructural breach late Monday night when it received an anonymous email from the perpetrators seeking financial compensation for the acquired data. The ECB announced today on their website that the hackers exploited a vulnerability to access a database serving the ECB's public website, and no internal systems or market sensitive data were affected.

The majority of the data was encrypted- but email addresses, phone numbers and street addresses were not. Around 20,000 entries were contained in the database, and it is unknown whether the attackers copied all of its contents or only a limited selection. As a precaution, the ECB has reset all user passwords on its website and is reaching out to people whose personal information might have been compromised. The vulnerability exploited by the hackers has been identified and corrected.

The incident was reported to the local Frankfurt authorities, and an investigation has commenced. The Frankfurt police chose to wait for more information regarding the extortion instead of immediately responding to the inquiry. A spokeswoman for the bank has not nor intends to pay any amount of money to the group of thieves.

Jon French, a security analyst at email and Web security firm AppRiver, stated that the affected individuals are now currently at a higher risk of fraud and phishing attacks due to the security breach, and the inclusion of a target's personal information could make a phishing attack seem more genuine than a random spam email. Alternatively, the culprits could use a victim's information more directly in order to commit identity fraud.

Leave a comment and let us know what you think.

Source: PC World via ECB Press Release

Permalink

You would think a bank would be better protected. Whats the point in having a digital system for customers if you cant even protect those customers. Yes, ok, those hackers could be really good ones, but i dont care. If you want to store my details digitally then i expect my details to be 100% safe.

So the biggest threat these hackers pose is giving people a few more numbers to block and a more filler for people's spam folders? These are some pretty dangerous people we're dealing with. Smart thing to do would be to pay these guys their money and throw in a little extra just for being merciful enough to not fill people's mailboxes with auto insurance offers.

SonOfVoorhees:
You would think a bank would be better protected. Whats the point in having a digital system for customers if you cant even protect those customers. Yes, ok, those hackers could be really good ones, but i dont care. If you want to store my details digitally then i expect my details to be 100% safe.

There is no such thing as 100% safe. At best it can be harder to break in to than others. If anyone ever tells you something is 100% safe they are lying.

krazykidd:

SonOfVoorhees:
You would think a bank would be better protected. Whats the point in having a digital system for customers if you cant even protect those customers. Yes, ok, those hackers could be really good ones, but i dont care. If you want to store my details digitally then i expect my details to be 100% safe.

There is no such thing as 100% safe. At best it can be harder to break in to than others. If anyone ever tells you something is 100% safe they are lying.

And just saying that out loud all but guarantees an attack will happen almost immediately. Hackers love a good challenge.

I doubt they'll pay anything. What's stopping the hackers to sell the data, even after receiving a ransom?

bah they could have gotten the same info out of a phone book minus the email addresses not much for those effected to really worry about

SonOfVoorhees:
You would think a bank would be better protected. Whats the point in having a digital system for customers if you cant even protect those customers. Yes, ok, those hackers could be really good ones, but i dont care. If you want to store my details digitally then i expect my details to be 100% safe.

Then you cannot store your details on any network anywhere, ever, including the site you're posting on.

End of story.

If you come up with a 100% hack-proof system, then I'll happily eat my words. You won't, though, because no one has.

SonOfVoorhees:
You would think a bank would be better protected. Whats the point in having a digital system for customers if you cant even protect those customers. Yes, ok, those hackers could be really good ones, but i dont care. If you want to store my details digitally then i expect my details to be 100% safe.

That's something I don't understand... The ECB doesn't have customers per se. It's a central bank, its customers are other banks.

Aaah, the source made me think it was more like a mailing list for events. So there wasn't any actual banking stuff stolen.

I have a question.

Would this be the same Central Bank as on the captchas?

Also, when are they going to learn that high profile hack jobs draw way too much attention to get away with?

Wait, how does somebody demand ransom for information that can be duplicated?

SonOfVoorhees:
You would think a bank would be better protected. Whats the point in having a digital system for customers if you cant even protect those customers. Yes, ok, those hackers could be really good ones, but i dont care. If you want to store my details digitally then i expect my details to be 100% safe.

there is no such thing as 100% safe. you are asking impossibility. best genius in the world could not create a system that is hack-proof. just like there isnt a lock that cant be broken into. the question is how much safety is economically feasible. if you can protect against 99.9% of hackers for 0.1% of the cost it would take to further improve safety, thats generally acceptable as very good security.
Then the 0.1% still manages to break in.

Also note that article said that no sensitive data was compromised besode emails and adresses. since this is ECB, most of these will be official organizations and corporations and much less private individuals. these organizations/corporations already publicize their email and adress and phone numbers anyway, so that data will be of little use. good luck breaking that encryption though.

lacktheknack:
including the site you're posting on.

escapist does not even support https protocols, security on this site is very low. well, were not really storing sensitive data on here so thats kinda fine, still would like to see at least HTTPS in here.

FalloutJack:
I have a question.

Would this be the same Central Bank as on the captchas?

Also, when are they going to learn that high profile hack jobs draw way too much attention to get away with?

I dont know what capchas you see, but i only saw Bank of America on them and no its not the same.

Also, they did get away with it. noone knows who they are.

Strazdas:
Zip

My bad. It was Citizens Bank. That's the one that always pops up. Still woulda' been funny, though.

EDIT: Oh, I forgot the other thing. Any high profile hack that gets reported like this? Practically has a big sign and a trail leading to the sucker going "HI! HI! PLEASE CATCH ME!". The louder it is, the easier to find.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here