St. Louis Fed hack could affect website's usersReprints
The Federal Reserve Bank of St. Louis does not believe that its websites and its systems were compromised or hacked during an April 24 incident, a spokeswoman said Wednesday, but users who had tried to access the site that day are being advised that they may have been affected.
Computer hackers manipulated routing settings at a domain name service vendor used by the St. Louis Fed so they could automatically redirect some of the bank’s web traffic to rogue websites in an effort to gain information, the bank said in a statement Monday.
In Wednesday’s follow-up statement, the spokeswoman said that the bank’s websites and its systems were not compromised.
The St. Louis Fed said in its statement on Monday that users who were redirected to one of the phony websites created by the hackers to simulate the look of its research stlouisfed.org website may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords.
“If you attempted to log into your user account (on April 24) it is possible that this malicious group may have accessed your user name and password,” said the statement.
The warning was sent to individuals who have an active user account for its publicly available economic data and analysis tools, which are available on the reserve bank’s research division’s public website.
The warning said also, “Out of an abundance of caution, we wanted to alert you to this issue, and also make you aware that the next time you log into your user account, you will be asked to change your password. In addition, in the event that your user name and password are the same or similar as those you use for other websites, we highly recommend that you follow best practices and use a strong, unique and different password for each of your user accounts on the Internet.”