|
General
|
|
Written by Daniel
|
|
Monday, 17 September 2007 09:53 |
Brokerage firm uncovers data-sucking malware during system audit
SEPTEMBER 14, 2007 | 3:42 PM
By Tim Wilson
Site Editor, Dark Reading
Malware found on an internal database may have allowed spammers to steal names, addresses, phone numbers, and email addresses from as many as 6.3 million customers of TD Ameritrade, the brokerage firm revealed today.
In a press release, TD Ameritrade this morning confirmed reports that it has been informing customers of a potential security breach. The release does not confirm the figure of 6.3 million customers, but a company spokesperson did give that number to reporters in interviews.
The company uncovered the malicious code in one of its databases during an audit, which is part of a stock spam investigation. Sources familiar with the breach said the code is not unlike the code used to steal data on 1.3 million users at Monster.com.
TD Ameritrade has not closed its investigation, but early results indicate that the attack was designed not to penetrate users' accounts, but to collect addresses for spam campaigns. In addition to names and email addresses, the breached database also contains Social Security numbers, account numbers, and dates of birth, but there is no indication that the thieves stole any of this latter information, the brokerage firm said.
TD Ameritrade customers' user IDs, PINs, and passwords are stored in a separate database that was not penetrated in this attack, according to the company... More
Comment in the Forums |
