First of all, I'm putting this under "rants" because I physically did some combination of a facepalm/head-desk.
So, Citigroup got hacked. I know, nothing new there, nothing too special. The bad part is how it was hacked. Anyone wanna guess? Well, I'll tell you. They changed the account number in the URL. Wait, what? Yes, that's right, they changed the account number in the URL. Now I'm sure you're asking yourself, much like I was, "don't they use any authentication to make sure you have access to that account?" Well, apparently, no.
In fact, about 200,000 people had their information stolen.
slashdot link
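The missing check the post describes, as an added example that is not part of the original post or any real bank's code: a lookup that trusts the account number in the URL, beside one that ties it to the logged-in session, plus a simple log check for one user walking through other people's account numbers. All names, account numbers and log entries are constructed for illustration.

```python
# Constructed data: which login owns which account numbers (not real accounts).
OWNERS = {"alice": {"1001"}, "bob": {"1002", "1003"}}
STATEMENTS = {
    "1001": "alice statement",
    "1002": "bob statement A",
    "1003": "bob statement B",
}


class Forbidden(Exception):
    """Raised when the session user may not see the requested account."""


def get_statement_unchecked(session_user, account_id):
    # The flaw: being logged in is enough, the id from the URL is trusted as-is.
    return STATEMENTS[account_id]


def get_statement_checked(session_user, account_id):
    # Object-level check: the id from the URL must belong to the session user.
    if account_id not in OWNERS.get(session_user, set()):
        # Same error for "not yours" and "does not exist", so ids cannot be probed.
        raise Forbidden("account not available")
    return STATEMENTS[account_id]


def flag_enumeration(access_log, threshold=3):
    """Return users who requested at least `threshold` distinct accounts they do not own."""
    foreign = {}
    for user, account_id in access_log:
        if account_id not in OWNERS.get(user, set()):
            foreign.setdefault(user, set()).add(account_id)
    return sorted(u for u, ids in foreign.items() if len(ids) >= threshold)


# Constructed access log: (session user, account number taken from the URL).
SAMPLE_LOG = [
    ("alice", "1001"),
    ("alice", "1002"),
    ("alice", "1003"),
    ("alice", "1004"),
    ("bob", "1002"),
]

if __name__ == "__main__":
    print(get_statement_unchecked("alice", "1002"))  # another user's data comes back
    print(flag_enumeration(SAMPLE_LOG))
```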