A cyberattack on the Federal Reserve Bank of St. Louis last month compromised the bank’s domain name and routed web traffic to rouge websites created by the hackers that simulated the original, the bank confirmed this week.
Bank officials said in a statement on Monday that while the hackers didn’t compromise its website, they did manipulate the bank’s routing on April 24.
“As is common with these kinds of DNS (domain name service) attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords,” the Fed statement said.
The statement added that those people who attempted to access the research.stlouisfed.org website on April 24 might have exposed their account name and password to hackers. As a precaution, users will be asked to change their password the next time they log onto the website.
“[In] the event that your user name and password are the same or similar as those you use for other websites, we highly recommend…a strong, unique and different password for each of your user accounts on the Internet,” said the statement.
Hackers regularly target US government agencies and websites, most recently at the White House, State Department, United States Postal Service, and National Oceanic and Atmospheric Administration, according to Reuters.
Security experts think hackers may have secured bankers and currency traders’ email addresses and passwords, which could be used in future attacks.
“Great way to phish the password and email addresses of bankers and currency traders,” Dave Jevans, chairman of the Anti-Phishing Working Group,told The New York Times. “Since people reuse passwords, this is a ready font of juicy data to attack all users of the Fed’s data.”