JPMorgan Hacked & Leaked Over 83 Million Customer Records

Use Netsparker


So yah last week we all discovered, OMG JPMorgan Hacked! This set a lot of people on edge as JPMorgan Chase & Co is the largest US bank by assets – so it’s pretty seriously business. The breach happened back in July and was only disclosed last Thursday due to a filing to the US Securities and Exchange Commission.

JPMorgan Hacked

This is a HUGE breach (76 million households and 7 million small businesses), one of the biggest in history – especially when it comes to the banking sector. Fortunately no really ‘critical’ data was leaked such as credit card details or social security numbers, but there was important information like addresses and phone numbers which at this volume are definitely valuable on the black market.

The July cyberattack on JPMorgan Chase & Co. that compromised the names, addresses, phone numbers and contact information of over 83 million people are believed to have originated in Russia with at least some level of state approval.

“It could be in retaliation for the sanctions” placed on Russia, one senior official briefed on the intelligence told The New York Times on Saturday. “But it could be mixed motives — to steal if they can, or to sell whatever information they could glean.”

JPMorgan Chase has worked with the Treasury, the Secret Service and intelligence agencies since the attack, which did not completely shut out the attackers until August, the paper reported. More than 90 servers were accessed and over 7 million small businesses were compromised.


There’s a lot of speculation that the hackers that pulled of this rather sophisitacted attack are Russian and somehow linked to Putin (although I’m not sure how they figured that out). The news also broke today that it was not only JPMorgan Chase & Co that was infiltrated – but they were just 1 of 9 financial institutions breached as part of this attack.

This includes banks and brokerages, more here: JPMorgan CYBER-HEIST: 9 US financial firms snared by ‘Russian hackers’, says report

“It was a huge surprise that they were able to compromise a huge bank like JPMorgan,” said Al Pascual, a security analyst with Javelin Strategy and Research, told the Times. “It scared the pants off many people.”

Experts fears that similar attacks in the future could ignite a financial crisis. JPMorgan Chase may be particularly vulnerable: The Times noted that the hackers were able to steal “a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry.”

JPMorgan Chase has responded to the hacking by disabling compromised accounts and resetting passwords for its employees. The company also notified customers that they would not need to change their passwords or account information, nor would they be held liable for unauthorized transactions, The Associated Press reported Thursday.

It’s interesting that the hackers didn’t seem to go after the money, they really just wanted as much data as possible on JPMorgan customers.

It’ll be interesting to see if any of the other currently unnamed financial institutions are released to the press or if any of them suffered monetary losses – or they were all similar data grab scenarios.

Source: The Washington Times

Posted in: Privacy, Web Hacking

, ,


Latest Posts:


Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.


Comments are closed.