
A hacker group on Twitter named “TeamBerserk” claims a loot of $100,000 by hacking into a California-based company, “Sebastian”, which provides IT solutions to homes and offices.

In reality, the huge amount was not looted from the company itself; the hackers looted it from the bank accounts of the company’s users.

Hackers attacked the company’s website (kerman.sebastiancorp.net) using SQL injection (SQLi) and managed to access the database of its user accounts, which includes users’ email addresses, usernames and passwords.

Hacker successfully managed to access users’ database

The hackers used the passwords taken from the database to log into the users’ bank accounts. A video link was also attached to the hackers’ tweet, in which they demonstrated the complete process: how they hacked the website and tried users’ passwords to log into their bank accounts.

Hackers were inside a user’s bank account

Hackers also accessed the company’s Gmail account, which is linked to the company’s PayPal account. Below is the screenshot we took:

That’s it: the hackers used a simple trick. They used the same passwords that users used to log into the company website to log into the users’ bank accounts.

It’s an example of how reusing the same password can put users in trouble. You should not use the same password everywhere, and you should always use a strong password, which also keeps hackers from cracking your passwords through brute-force techniques.

To generate a strong password, you can visit – http://strongpasswordgenerator.com/.
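On the site's side, the chain described above (SQL injection, then a database dump containing passwords that work elsewhere) can be broken at two points. The following is an added example, not code from the article or from the company, whose actual code and storage scheme the article does not describe; the table layout, function names and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)

def open_store():
    """In-memory user table (hypothetical layout): stores salt + derived key only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, "
               "salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")
    return db

def _derive(password, salt):
    # Slow, salted derivation: a dumped row cannot be replayed at another site.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(db, username, email, password):
    salt = os.urandom(16)  # per-user salt, so equal passwords give different hashes
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (username, email, salt, _derive(password, salt)))

def login(db, username, password):
    # Bound parameter: the username is passed as data and never parsed as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, _derive(password, salt))

def dump_contains_password(db, password):
    """Check whether a full table dump would expose the password in any column."""
    needle = password.encode("utf-8")
    for row in db.execute("SELECT * FROM users"):
        for col in row:
            data = col.encode("utf-8") if isinstance(col, str) else col
            if needle in data:
                return True
    return False

if __name__ == "__main__":
    db = open_store()
    pw = "correct horse battery staple"  # constructed sample credential
    register(db, "alice", "alice@example.test", pw)
    print("valid login:", login(db, "alice", pw))
    print("quote-bearing username:", login(db, "alice' OR '1'='1", pw))
    print("password visible in dump:", dump_contains_password(db, pw))
```

Hashing limits what a dump gives away but does not protect a weak password from offline guessing, so the advice above on strong, unique passwords still applies.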

 

1 COMMENT

  1. Normal world is using TANs and tokens to log into the bank account, together with randomly generated username and password.
    The e-mail/password bank login concept is plain stupid.
