September 14th, 2007
TD Ameritrade: hacked with 'unauthorised code'
This is bizarre, and suggests some sort of additional, underlying problem that has not been disclosed.
Online broker TD Ameritrade says an internal investigation into stock-related spam uncovered ‘unauthorised code’ in its computer systems that allowed illegal access to an internal database.
TD Ameritrade claims no customer assets or social security numbers were stolen, and the code only increased email spam to customers.
What does “unauthorized code” actually mean? I think someone broke into their system, analyzed their database code, and then patched that code to accomplish some particular goal. If intruders are sophisticated enough to modify protected code to send spam, they are smart enough to do other bad things as well. All this took place inside the TD Ameritrade security barrier. Serious stuff, indeed.
[via ZDnet colleague and fellow Enterprise Irregular Dennis Howlett]
Michael Krigsman is CEO of Asuret, Inc., a software and consulting company dedicated to reducing software implementation failures. Click here to discuss this post with him on Twitter. See his full profile and disclosure of his industry affiliations.
Subscribe to IT Project Failures via Email alerts or RSS.
| 09/14/07
