On Sunday evening, Anonymous leaked over 4,000 banker profiles it claimed to have stolen from the Federal Reserve. The leak contained names, addresses, IP addresses, hashed passwords and other sensitive information. Now the Federal Reserve has confirmed the hack, but says no “critical functions” were affected.
ZDNet reports that the Federal Reserve sent out notices to affected individuals earlier this week confirming an intrusion on their system. In a statement to Reuters, a spokesperson said the Federal Reserve was “aware that information was obtained by exploiting a temporary vulnerability in a Web site vendor product.” The vulnerability was reportedly fixed, and should cause no more problems in the future.
Of course, that doesn’t fix the fact that a list containing the personal data of over 4,000 bankers is still floating around the Internet. The Federal Reserve downplayed the hack by telling those affected that their passwords were not compromised. That’s technically true, but there’s still cause for concern.
Speaking to ZDNet, Jon Waldman, a senior information security consultant for financial institutions, said the hashed passwords included in the leak could be easily decrypted by hackers. The list that contained the information is no longer on the original hacked Alabama Web site, but it’s reportedly being hosted on a Chinese Web site where hackers can get hold of it. Waldman says the existence of this information means that banking executives “will be specific targets of Social Engineering and hacking attacks.”
It remains to be seen if any of the leaked information has led to attacks on individual banks. Waldman certainly thinks they’re at risk, but you would hope that banks would be wary of any attempts to solicit info after this latest attack.
We’ll continue to follow the exploits of Anonymous in #OpLastResort. It doesn’t appear that the hacktivist collective is done just yet, and likely has more attacks planned in the coming weeks.