Hackers Demand $1 Million in XRP after Breaching Two Canadian Banks

Hackers who stole the personal information of tens of thousands of customers from two Canadian banks are threatening to publish that data online unless the banks pay them $1 million in XRP.

Regional media outlet CBC News reports that the Bank of Montreal (BMO) and Simplii Financial were successfully breached over the weekend, allowing the hackers to access sensitive personal and financial information belonging to more than 90,000 customers. Stolen information included names, passwords, account numbers, security questions and answers, account balances, and social insurance numbers.

According to emails allegedly sent by the perpetrators, the hackers are holding that data for ransom and will dump it online unless the banks send them $1 million worth of Ripple’s XRP token, which is currently the fourth-largest cryptocurrency by market cap.

"We warned BMO and Simplii that we would share their customers informations if they don't cooperate," said the email, which appears to have been sent from Russia. "These ... profile will be leaked on fraud forum and fraud community as well as the 90,000 left if we don't get the payment before May 28 2018 11:59PM.”

The hackers explained that they were able to breach the banks’ sub-par security by using an algorithm to generate account numbers and then posing as customers who had forgotten their passwords.

"They were giving too much permission to half-authenticated account which enabled us to grab all these information," the email said, adding that the system "was not checking if a password was valid until the security question were input correctly."

The attackers also included an example customer data set from each bank to prove that they had circumvented the institutions' security protocols.

The deadline to submit to the ransom demand has now passed, but it is not clear if the fraudsters have carried out their threat to release the customer data on the web. In any case, it does not appear that the institutions intend to pay the ransom.

"Our practice is not to make payments to fraudsters," the Bank of Montreal told the publication in a statement. "We are focused on protecting and helping our customers."

Featured Image from Shutterstock

Tags: XRP
Josiah Wilmoth @Y3llowb1ackbird

Josiah is the US Editor at CCN, where he focuses on financial markets and cryptocurrencies. He has written over 2,000 articles since joining CCN in 2014. His work has also been featured on ZeroHedge, Yahoo Finance, and Investing.com. He holds bitcoin, but does not engage in day trading. He lives in rural Virginia. Follow him on Twitter @y3llowb1ackbird or email him directly at josiah.wilmoth(at)ccn.com.

News Tip?

tips (at) ccn.com

About CCN.com

CCN.com, also known as CCN Markets, is a financial news site reporting on Market News and Gaming. Op-eds and opinions should not be attributed to CCN Markets. Journalists on CCN Markets follow a strict ethical code that you can find here. You can contact us here. You can read more about us here. Find our journalists here. U.S. Office: New Jersey, USA. Twitter. Facebook. LinkedIn. Youtube.

We are using cookies for third-party applications like Twitter, Youtube embeds, Google Analytics and Google AdSense.

Privacy Policy