More than 10,000 HSBC hacked accounts for sale on dark web

Information security experts reported the detection of a threat actor selling information from up to 12,000 HSBC accounts in Mexico and the United States. The report, prepared by the researcher known as Bank Security, ensures that the hacker asks for at least $2,000 USD in exchange for this information.

The compromised information would include confidential details such as:

  • Online banking usernames
  • Passwords
  • IP addresses
  • Location details
  • Full access to most accounts

By monitoring other dark web illegal forums for information about this incident, Bank Security found other publications related to this hacker, discovering that it has a good reputation among the cybercriminal community, so this leak is most likely legitimate. Researchers used fictitious identities on these platforms and several cryptocurrency addresses to detect this hacker.

So far the banking institution has not commented on this, although it is worth mentioning that HSBC has an online banking platform that contains multiple confidential details and even allows financial transactions for considerable amounts, so this incident could have disastrous consequences.

These data leaking incidents remain one of the biggest cybersecurity issues worldwide. In a recent alert, the U.S. Treasury Department mentions that, during 2020, financially motivated hacking incidents related to governments in countries like North Korea increased by nearly 50% after a long period of inactivity.

Because the compromised data appears to be all corresponding to HSBC user accounts, it is believed that the threat actor could have stolen this information by committing a company server or attacking a third-party service. Other banking institutions such as Scotiabank have suffered similar incidents, which poses severe risks to users.

On the other hand, this is a clear example of how easily threat actors can collect sensitive information from online banking users: “Large amounts of financial information are available to cybercriminals, which can facilitate the deployment of dangerous cyberattack variants,” the security alert says.

In addition, telephone fraud has also grown in the United States and European countries, which has led users to have little confidence in such platforms, even though they are generally considered secure. To learn more about information security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.