Imperva identifies 8,378 reasons for better banking security

Redwood Shores, CA, (PresseBox) - Reports that the Suffolk County Bank - a subsidiary of Suffolk Bancorp, the US financial institution - had its banking servers hacked last November were met with astonishment at Imperva.

According to Amichai Shulman, the data security specialist's chief technology officer, what is amazing about the case is not just the fact that the bank has taken until now to reveal that around 10 per cent of its customers' credentials were compromised, but that the data was stored as plain text.

"This confirms our observations in our recent end-of-year analysis, in which we predicted that 2010 will be the year of hackers going after people's credentials, since they have become a saleable - as well as usable - commodity on the Internet," he said.

"The main reason for credentials being more valuable than credit card details is that, whilst cards are usually invalidated a short time after they have been fraudulently used, people regularly use the same credentials on multiple systems," he added.

As a result, the Imperva CTO says, it's a lot more difficult for a large number of Internet users to 'lock down' their electronic identities, as they have to change their passwords on multiple systems.

A much better strategy, he went on to say, is for organisations to start using multiple layers of security - including strong passwording and firewall-protecting their databases from prying eyes.

In this case, Shulman explained, it is clear the hackers realised that bank user credentials have a much higher community value than, say, payment card information as, once a hacker can log in with a user's credentials, s/he has access to their accounts and can perform as many transactions as they wish.

"What I find astonishing about this hack is that you would think that a banking application would undergo much more stress testing than most and, as a result, the storage of user credentials in plain text would have been spotted and remediated early on in the system development process," he said.

"Although the full modus operandi for this banking hack has yet to be revealed, given that the server was accessed and 8,378 credentials were stolen, I would assume the attacker gained access using an SQL injection approach," he added.
