March 22, 2019

Perpetrators Use Credential Stuffing For The HSBC Hack

Perpetrators Use Credential Stuffing For The HSBC Hack


Brace yourself.  HSBC has said its US customers’ were hacked in October. Seems like the new normal these days.


Sensitive information like account numbers and balances, statement and transaction histories and payee details, as well as users’ names, addresses, and dates of birth, were accessed, according to HSBC.

The lender, HSBC puts the number of those affected at 1%. It says it has contacted all of those exposed.


‘HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,’ the bank said in a statement.


‘We have notified those customers whose accounts may have experienced unauthorised access, and are offering them one year of credit monitoring and identify theft protection service.’


The bank said the online accounts were breached between 4 and 14 October.


The perpetrators haven’t yet noticeably tried to use the data to steal savings


The California Attorney General’s Office has posted a template of the alert sent to customers online, as one of the states affected.

ALSO READ: China Approved 16 Trademarks of Ivanka Trump’s Brand, Fueling Conflict of Interest Concerns

One expert believes the perpetrators used information harvested from elsewhere overtime to gain unauthorised access to the accounts called Credential stuffing.


‘The information made public so far by HSBC is quite limited,’ said Prof Alan Woodward from the University of Surrey.


‘It is clearly still investigating what happened whilst taking the actions necessary to protect customers and advise regulators.


‘There’s a lot more information we’ve yet to see, which I hope HSBC makes public when it has it.’

We think you'd love these too...

Related posts

Leave a Reply

Your e-mail address will not be published. Required fields are marked *