JP Morgan Chase has reportedly tracked down the hackers who stole the contact information of 83 million customers through the breach of a third party corporate event website.
According to reports, the major US bank found that hackers had used about 90 servers over two months from June to attack both the bank and the website of the JP Morgan Corporate Challenge.
Further investigation also surfaced that hackers gained access to the website certificate for the vendor of Corporate Challenge site, Simmco Data Systems, in April, which offered them with access to any communications between users and the website, including login credentials.
The breach was found on a repository of a billion stolen login credentials from about 420,000 websites, which, Hold Security had hinted to a Russian hacking group, the New York Times reported.
However, Hold Security started notifying about the breach in August, and JPMorgan officials then informed Simmco Data.
According to the Wall Street Journal, hackers initially gained access to the bank’s network by attacking the computer of an employee with special privileges used both at work and at home and then progressed across the bank’s network to pinch contact information.
The attack on JP Morgan was originally discovered in July, while its extent remained unclear for several months before it was exposed to have affected 83 million customers, with seven million of them business account holders.
Further, hackers behind the JP Morgan attack also targeted nine other financial groups.
