Bank Data Hackers Demand $1 Million XRP Ransom
Hackers have managed to gain access to the personal information of around 100,000 customers from two Canadian banks. The customer info was stolen over the weekend from the Bank of Montreal and online bank Simplii Financial (owned by CIBC). It has been reported that these hackers stole account information such as names, passwords, account numbers, security questions, and answers. It gets even worse though as the criminals were able to access social insurance numbers and account balances. They have made it clear that in order to stop the information from being published they demand that the banks pay them $1 million in XRP.
The hackers sent an email that reportedly appears to be from Russia stating, “We warned BMO and Simplii that we would share their customers’ information if they don’t cooperate.” “These … profiles will be leaked on fraud forum and fraud community as well as the 90,000 left if we don’t get the payment before May 28, 2018, 11:59 PM.” The perpetrators were able to access the customers’ private information by using an algorithm that randomly generated account numbers and then used the bank’s forgotten password feature to gain complete access to the accounts.
The email from the hackers went on to state, “They were giving too much permission to a half-authenticated account which enabled us to grab all these information,” and the bank “was not checking if a password was valid until the security question was input correctly.” CBC News spoke with the Bank of Montreal who told the news outlet that they do not intend to pay the ransom and are working to protect the customers’ information.
So far the banks have only offered customers free credit monitoring and a few other services but it is yet to be seen how the banks can stop the hackers from releasing the information publically without paying the $1 million in XRP.