https://krebsonsecurity.com/2019/08/the-risk-of-weak-online-banking-passwords/
If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.
Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords. Most often, the attacker will use lists of email addresses and passwords stolen en masse from hacked sites and then try those same credentials to see if they permit online access to accounts at a range of banks.
[...] From there, thieves can take the list of successful logins and feed them into apps that rely on application programming interfaces (APIs) from one of several personal financial data aggregators which help users track their balances, budgets and spending across multiple banks.
(Score: -1, Redundant) by Anonymous Coward on Wednesday August 07 2019, @04:47AM
Banking itself has been a crook business for thousands of years, why should we expect anything different now? Debt, slavery and stuff. The most successful crooks use banks for waging wars against each other and people. And I should be concerned about... a password???
(Score: 2) by captain normal on Wednesday August 07 2019, @05:59AM
"If you bank online there’s a decent chance your account could be pilfered by cyberthieves".
TFTFY
The Musk/Trump interview appears to have been hacked, but not a DDOS hack...more like A Distributed Denial of Reality.
(Score: 2) by maxwell demon on Wednesday August 07 2019, @08:07AM
From the article:
Any bank that doesn't should face charges for criminal negligence.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by rob_on_earth on Wednesday August 07 2019, @08:09AM
I have multiple email addresses and use specific ones for certain services, like online banking.
If there was a repository that I could submit all the email addresses I do not use for these services and that were only ever spam traps, then any organisation could detect stuffers the moment they tried them.
Only downside to this is that the list would leak and the spammers would have a nice blacklist.
Of course the list could implement a hash-based check like Troy Hunt's Pwned Passwords API.
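The hash-based check suggested in the comment above, sketched as an added example (not part of the original thread or of any existing service): a hypothetical registry stores only SHA-1 hashes of trap addresses and answers prefix range queries in the style of the Pwned Passwords API. The `TrapRegistry` class, the function names, and the sample addresses and IPs are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters sent to the service, as in the Pwned Passwords range API


def email_hash(address):
    """Upper-case SHA-1 hex digest of the trimmed, lower-cased address."""
    return hashlib.sha1(address.strip().lower().encode("utf-8")).hexdigest().upper()


class TrapRegistry:
    """Hypothetical shared registry that stores hashes only, bucketed by prefix."""

    def __init__(self):
        self._buckets = defaultdict(set)

    def submit(self, address):
        digest = email_hash(address)
        self._buckets[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])

    def range_query(self, prefix):
        # The caller sends only the prefix and gets back every suffix in that bucket.
        return set(self._buckets.get(prefix.upper(), ()))


def is_trap(registry, address):
    """Client-side check: compare the suffix locally, never send the full hash."""
    digest = email_hash(address)
    return digest[PREFIX_LEN:] in registry.range_query(digest[:PREFIX_LEN])


def flag_stuffing_sources(registry, login_attempts):
    """Return the source IPs that tried at least one trap address."""
    return {ip for ip, address in login_attempts if is_trap(registry, address)}


# Constructed sample data: trap addresses nobody uses for banking, and login attempts.
TRAPS = ["old-forum-trap@example.com", "newsletter-trap@example.org"]
SAMPLE_ATTEMPTS = [
    ("192.0.2.10", "alice@example.com"),
    ("192.0.2.10", "Old-Forum-Trap@example.com "),
    ("198.51.100.7", "bob@example.net"),
]

if __name__ == "__main__":
    registry = TrapRegistry()
    for trap in TRAPS:
        registry.submit(trap)
    print(sorted(flag_stuffing_sources(registry, SAMPLE_ATTEMPTS)))
```

Hashing keeps the registry from being a plain-text address list, but anyone holding a candidate address can still hash it and test it against a leaked copy.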
(Score: 0) by Anonymous Coward on Wednesday August 07 2019, @08:29AM (1 child)
You use it to log in, and you use it to sign any meaningful operation. No "cyberthieves" can do nothing.
Your bank does not provide that option? Why on Earth do you keep any money with them, then???
(Score: 0) by Anonymous Coward on Wednesday August 07 2019, @04:31PM
Because all the other banks use the exact same security protocols and it's better than putting my retirement nest egg under the mattress.