Citigroup hacked: data for 200,000 or more US Citibank customers breached


18 Responses to “Citigroup hacked: data for 200,000 or more US Citibank customers breached”

  1. Anonymous says:

    Citigroup bought the repeal of Glass-Steagall in order to retroactively legalize their purchase of Traveler’s, and that’s what led to TARP and the economic mess the whole world is in right now.

    Citigroup is greedy and corrupt, and spreads corruption and evil in its wake.

  2. Chong says:

    Any news on who was behind it? Only had a quick skim of the linked articles so I apologise if I missed it.

  3. MrJM says:

    My local credit union has never been hacked for the secure data of its customers.

    Just saying.

  4. Anonymous says:

    I, too, like my credit union, but come on folks- do you think their online security is any better? The size of the corporation doesn’t matter as much as you think it does when it comes to online security.

  5. SamSam says:

    Is there any way on earth now that we can avoid losing our information to stupid websites with stupid bad internet security? If we want to live in the modern world and bank and stuff, of course.

    I just rushed over to change my password, don’t know how much it will help.

    FWIW, here are the inane password requirements Citibank forces you to follow:

    To create a secure password for your account, follow these quick and simple Password Guidelines:
    * Must include a combination of letters and numbers only // ok, so explicitly disallowing other characters — which are no harder to store or hash!!! — makes us less safe
    * Must be 6 to 12 characters // setting a top limit of 12 characters — what, 13 characters is too big to store on your server??? — makes us less safe
    * Cannot begin with a zero // adding arbitrary rules limits the number of passwords, making us less safe
    * Cannot include spaces // a space is just a character — it’s no harder to store or hash — excluding it makes us less safe
    * Cannot have more than 2 consecutive characters (for example, 222 or MMM, etc) // adding arbitrary rules limits the number of passwords, making us less safe


    • Courtney says:

      I have non-letter/number characters in my Citibank pw.

      • SamSam says:

        And I tried a 16-character password and it seemed to stick.

        So not only do they have the worst restrictions on picking passwords — almost every one of which makes your password less secure — but they don’t bother to implement their own restrictions. Somehow that makes me feel worse.

        Hmmm… what do you bet that the idea was “wait! What if we need to tell people their passwords over the phone! We can’t use zeros, what if we read them as O’s? And how are you supposed to pronounce characters like ^ anyway — we need to ban those. And no one wants to have to read out a 13-character password!”

        • Courtney says:

          Actually, I have a friend who works in customer service (not at Citibank) and you would not believe the things she’s heard people call the @ character. Like “epsilon,” “the letter kitten,” and “strudel sign.”

        • nosehat says:

          Yes, such a system would prioritize reading-out-account-passwords-over-the-phone-to-whomever-is-calling over account security.

          Which would be consistent anyway.

          There is no reason why a bank should ever read out your password over the phone. In fact, there’s no reason a bank should ever have your plain text password in the first place. Is the one-way hash dead these days?

          • Anonymous says:

            No, I think forums still use it :D. Basically, the least important, least formal places on the internet are more secure than the most important.
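
An added example, not part of any comment above: the password guidelines quoted in comment 5, turned into a count of how many passwords they allow, compared with the same policy minus each restriction. It assumes a case-sensitive 62-symbol alphabet and treats "letters and numbers only" as a character-set limit (the page states neither), and reads the repeat rule as "no symbol three times in a row", as in the quoted 222/MMM example.

```python
import math

def count_policy(k, min_len, max_len, banned_first=1, max_run=2):
    """Count strings over a k-symbol alphabet whose first symbol avoids
    `banned_first` symbols and which never repeat one symbol more than
    `max_run` times in a row, summed over lengths min_len..max_len."""
    # runs[j] = valid strings of the current length ending in a run of j+1
    runs = [k - banned_first] + [0] * (max_run - 1)
    total = 0
    for length in range(1, max_len + 1):
        if length >= min_len:
            total += sum(runs)
        # Next symbol either differs (k-1 ways, run resets to 1)
        # or extends the current run by one, up to max_run.
        runs = [sum(runs) * (k - 1)] + runs[:-1]
    return total

def count_unrestricted(k, min_len, max_len):
    """Every string over k symbols with length in min_len..max_len."""
    return sum(k ** n for n in range(min_len, max_len + 1))

def compare():
    """Return log2 of each search space, smallest policy first."""
    letters_digits = 62  # assumption: case-sensitive a-z, A-Z, 0-9
    printable = 95       # printable ASCII, space included
    spaces = {
        "quoted rules (62 symbols, 6-12 chars)":
            count_policy(letters_digits, 6, 12),
        "62 symbols, 6-12 chars, no zero/repeat rules":
            count_unrestricted(letters_digits, 6, 12),
        "printable ASCII, 6-12 chars":
            count_unrestricted(printable, 6, 12),
        "printable ASCII, 6-16 chars":
            count_unrestricted(printable, 6, 16),
    }
    return {name: math.log2(n) for name, n in spaces.items()}

if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{bits:7.2f} bits  {name}")
```

Under these assumptions the character-set limit and the 12-character cap account for nearly all of the reduction; the leading-zero and repeat rules together cost a small fraction of a bit.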

  6. Anonymous says:

    I stopped doing business with Citibank three years ago, after my card data was stolen for the third time. On that third occasion, fraudulent transactions began appearing on a newly-issued debit card DAYS BEFORE THE CARD WAS ACTIVATED. I concluded that (a) Citi’s security was fucked; or (b) Citi itself was engaging in broad-scale intentional fucking of its customers; or (c) both.

    Switched entirely to my credit union. Zero problems since then.

  7. SamSam says:

    Damnit, there were supposed to be line breaks in that bulleted list. I meant to click preview, I swear!

    Anyway, I see now it’s supposed to just be credit card information. Since I would never willingly be a Citi customer for anything (my mortgage was transferred to them, out of my control), I feel a little safer.

  8. Anonymous says:

    If you think Citibank’s password rules are inane, look up the ones for American Express. For some stupid reason you can’t have a password over 8 characters long with them.

  9. TEKNA2007 says:

    Credit union member here. You couldn’t wish for better customer service, especially if you need to call up and talk to a human. I usually get people I’ve talked to before.

  10. Anonymous says:

    I see they’re trying to sneak this in when people are paying attention to Sony’s fail, seeing as it happened in May and we’re 1/3 of the way through June. So, this company had 20,000 accounts compromised and didn’t tell anyone until at least a week or more likely several had passed.

    Yep, confirmed for Sony-tier security and service.

  11. Anonymous says:

    Is it me or have there been more hackings of these big institutions? I wouldn’t be surprised to see it was Lulzsec.

  12. superzorgon says:

    WARNING: My co-worker has a Citibank account, and she just discovered that their remedy is to switch customers to a new account… and then charge them $100 for doing so.

    Any of you out there w/ Citibank accounts, take heed.

    I bet the Citibank employee who came up with that policy got a raise.
