Jay Alabaster reports:
Two of Japan’s major Internet portals were hacked earlier this week, with one warning that as many as 100,000 user accounts were compromised, including financial details.
Goo, a Japanese Internet portal owned by network operator NTT, said it had no choice but to lock 100,000 accounts to prevent illicit logins. The company said it had confirmed some of the accounts had been accessed by non-users. The accounts can include financial details such as credit card and bank account information, as well as personal details and email.
The Web portal said it detected a series of brute-force attacks late Tuesday evening, with some accounts hit by over 30 login attempts per second. Goo said the attacks came from certain IP addresses, but didn’t disclose any more information.
How is it that their system didn’t block the account after three failed login attempts? Wouldn’t that be better than having to lock 100,000 users out of their accounts to prevent brute force attacks/runs that could resume from another IP once the accounts are unlocked again?
Also on Tuesday evening, Yahoo Japan said it discovered a malicious program on company servers. The program had extracted user data for 1.27 million users, but was stopped before it leaked any of the information outside of the company.
Good prevention of more damage, but how did the malware get on their servers? Did an employee fall for a phishing attempt or open an unsafe attachment, or….?
Read more on Computerworld.