Hackers stole the personal information of tens of thousands of customers from two Canadian banks. They are now threatening to publish that data online unless the banks pay them $1 million in XRP.
Regional media outlet CBC News reports that the Bank of Montreal (BMO) and Simplii Financial were successfully breached over the weekend, allowing the hackers to access sensitive personal and financial information.
It is estimated that the information of 90,000 clients has been jeopardized. The stolen information included names, passwords, account numbers, security questions and answers, account balances, and social insurance numbers.
According to emails allegedly sent by the assailants, the hackers are holding that data for ransom and will release it online unless the banks send them $1 million worth of Ripple’s XRP token.
“We warned BMO and Simplii that we would share their customer’s information if they don’t cooperate,” said the email. “These profiles will be leaked on fraud forums and fraud communities if we don’t get the payment before May 28, 2018, 11:59 PM.”
The hackers explained that they were able to breach the banks’ substandard security by using an algorithm to generate account numbers and then posing as customers who had forgotten their passwords.
“They were giving too much permission to a half-authenticated account which enabled us to grab all this information,” the email said, adding that the system “was not checking if a password was valid until the security question was input correctly.”
The perpetrators also provided an example customer data set from each bank to prove that they had dismantled the institutions’ security protocols.
The deadline to submit the ransom demand has now passed, but it is not clear if the hackers have carried out their threats. It does not appear that the institutions intend to pay the ransom.
“Our practice is not to make payments to fraudsters,” the Bank of Montreal told the publication in a statement. “We are focused on protecting and helping our customers.”
This is a phenomenal example of how our current financial infrastructure is ancient and untrustworthy.
Blockchains are widely regarded as the most secure networks in the world. Decentralized blockchains have too many points of attack to hack and require a consensus in order to make a change or complete an action.
“Trusted” third parties have disappointed customers time and time again. Logically, decentralized protocols and peer to peer transactions will be the future of finance and global commerce.
The alternative is to trust totalitarian third parties and applications who can easily be hacked, and who take unreasonable fees for their “service”.