Bank of Montreal and online bank Simplii Financial (owned by CIBC) made known that hackers stole identifying personal information of not less than 90,000 different account holders at the two banks over the weekends.
In a report by CBC News, the cyber criminals publicized that they stole information like names, account numbers, passwords, security questions and answers, and even social insurance numbers and account balances.
A mail sent from Russia to the two banks on Monday evening reads:
“We warned BMO and Simplii that we would share their customers informations if they don’t cooperate.”
The hackers claimed they gained partial entry into the database of the two banks using a common mathematical algorithm fashioned to rapidly authenticate moderately short numeric sequences like credit card numbers and social insurance numbers.
The algorithm, according to the hackers, is used to steal account numbers, which later give them access to impost as authentic account holders who do not know their password again. This gives them access to answer security questions, which translates to having access into their account.
“They were giving too much permission to half-authenticated account which enabled us to grab all these information,” the email reflected, maintaining that the bank “was not checking if a password was valid until the security question were input correctly.”
$1 Million In XRP Demanded
The email, however, demanded that a ransom of $1 million Ripple (XRP) be paid if the two banks want their customers’ data returned, otherwise they would be released to the world.
“These … profile will be leaked on fraud forum and fraud community as well as the 90,000 left if we don’t get the payment before May 28 2018 11:59PM,” the email said.
It is believed that the hackers have not revealed the deadline for the payment, CBC News in a conversation with Bank of Montreal reflected that the two banks do not pay fraudsters, but try to protect the information of their customers.