Social Software and Online Communities wiki
So if the URL was something like citibank.com/user/12345, all you had to do was change it to
citibank.com/user/123456 and you had access to all of their account information.
The hackers then used a simple script that automatically scraped all the account information, saved it, and then
changed the numbers in the URL and repeated the process. Hundreds of thousands of times.
http://consumerist.com/2011/06/14/how-hackers-stole-200000-citi-accounts-by-exploiting-basic-browser-vulnerability/
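The flaw described in the excerpt above is a missing per-object authorization check. The following is an added example, not code from the cited articles or from Citi: it puts a lookup that trusts the id in the URL beside one that ties the id to the session, and adds a log check for one session touching many account ids. The function names, the session model, the threshold and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: account id -> owner and record (not real values).
ACCOUNTS = {
    "12345": {"owner": "alice", "name": "Alice Example"},
    "12346": {"owner": "bob", "name": "Bob Example"},
    "12347": {"owner": "carol", "name": "Carol Example"},
}

def get_account_vulnerable(session_user, account_id):
    """The flaw: any authenticated session gets whichever id is in the URL."""
    if session_user is None:
        return 401, None
    record = ACCOUNTS.get(account_id)
    return (200, record) if record else (404, None)

def get_account_hardened(session_user, account_id):
    """Authorize the object, not just the session: the id must belong to the caller."""
    if session_user is None:
        return 401, None
    record = ACCOUNTS.get(account_id)
    # Same 404 for "missing" and "not yours", so responses do not confirm valid ids.
    if record is None or record["owner"] != session_user:
        return 404, None
    return 200, record

def flag_enumeration(access_log, max_distinct_ids=2):
    """Return sessions that requested more distinct account ids than the threshold."""
    seen = defaultdict(set)
    for session_user, account_id in access_log:
        seen[session_user].add(account_id)
    return sorted(u for u, ids in seen.items() if len(ids) > max_distinct_ids)

# Constructed access log: (session user, account id taken from the URL).
SAMPLE_LOG = [
    ("alice", "12345"),
    ("bob", "12346"),
    ("mallory", "12345"), ("mallory", "12346"), ("mallory", "12347"),
]

if __name__ == "__main__":
    print(get_account_vulnerable("bob", "12345"))  # another user's record is returned
    print(get_account_hardened("bob", "12345"))    # ownership check rejects the request
    print(flag_enumeration(SAMPLE_LOG))            # session that walked through many ids
```

The ownership check is the fix; the log check only helps notice the pattern when such a check is missing or bypassed.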
In the Citi attack, the hackers did not obtain expiration dates or the three-digit security code on the back of the
card, which will make it harder for thieves to use the information to commit fraud.
http://www.nytimes.com/2011/06/14/technology/14security.html?src=recg&pagewanted=all&_r=0
Result
In May 2011, Citigroup was hit by an attack in which the credit card account data of approximately 1% of users was accessed.