Nasdaq forum website hacked, passwords compromised
Cyber-criminals targeted Nasdaq OMX Group’s community forum website and gained access to the email usernames and passwords of the members of the site, which took two days to come back online on Thursday evening.
The New York-based exchange operator said in an emailed letter to users of the forum that no e-commerce or transactions of any kind were taking place on the website. The forum was open to the general public to join.
Nasdaq spokesman Joseph Christinat could not say how many people’s information may have been compromised.
The cyber-attack happened on Tuesday, the same day a report was released saying that around half of the world’s securities exchanges had been targeted by cyber-attacks last year.
Cyber-crime appears to on the rise both in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage, the report, by the International Organization of Securities Commissions’ research department and the World Federation of Exchanges Office, said.
A major attack could result in widespread public mistrust and a retreat from the markets, it added.
On Thursday, Wall Street firms, along with exchanges and regulators, held a simulated cyber-attack in order to help participants prepare to combat the real thing. The drill, named Quantum Dawn 2, was organised by the Securities Industry and Financial Markets Association.
Nasdaq said in the letter to its forum users that it was upgrading and restoring the forum website, where users can discuss issues such as market moves.
The exchange said all passwords expired and asked that members update any other accounts that may have the same passwords.
Nasdaq has been targeted by cyber crime in the past. In 2010, hackers infiltrated the exchange’s computer systems and installed software that allowed them to spy on the directors of publicly held companies, Reuters reported.
And last year in February, Nasdaq and Kansas-based exchange operator BATS Global Markets said they were hit by denial of service attacks, which seek to disrupt websites and computer systems by overwhelming the targeted organisations’ networks with computer traffic.
In October 2011, NYSE Euronext’s New York Stock Exchange website was inaccessible for 30 minutes, according to an Internet monitoring company, but the exchange said there was no interruption of service.