Hackers have the data of 360,000 customers of the American Citibank captured. Said last week the bank that has 200,000 customers were affected. The hackers could, however, not store credit card numbers of affected customers to see.
Nevertheless, 217.000 people have a new credit card received, reports the bank. Directed to consumer of the Citigroup gives no information about how the hack has taken place. That would be the security are at stake, argues the bank.
The New York Times suggested earlier that the hack took place by a series of numbers in the url change: after logging on to the site for credit card holders, there was an identification number in the url. By that change it was possible the site into thinking that you if someone else was logged in. With an automated script could, therefore, the data are stolen. Changing the url to log in as someone else points to a beginner’s mistake for the security of the site.
The hackers could data such as the name, address and account number to access. Other data, such as codes of credit cards, were not to show up for the hackers. Replacing credit cards is a preventative measure. The attack was the beginning of may performed. The bank brought the news of the hack only last week to the outside.
Update 10:50: There is information about the possible way in which the hack is performed are added to the article, with thanks to Mr. P.