ST. LOUIS (KMOX) – The Federal Reserve Bank of St. Louis confirms that hackers have breached their research website.
The Federal Reserve in St. Louis sent KMOX a response saying that active users have been notified and given advice on the next steps to take. The feds also pointed out that the research website is not used for communication with banks and no other websites were hacked.
The Reserve’s spokesman did not respond to KMOX, but a spokeswoman told the New York Times that they don’t know who was responsible for the attack that occurred in late April.
Since the St. Louis Federal Reserve is one of the nation’s go-to research centers, National Economist Jordan Goodman says this will affect thousands of people.
“Economists, Wall Street people, Federal Reserve itself, academic…are using that information all the time,” says Goodman. “Potentially thousands of people could be exposed to those hackers.”
Security experts that say this breach required more skill than a typical website attack, believe people could be exposed to phishing, malware or could have names and passwords compromised.
The hackers were able to redirect the bank’s research web traffic to rogue sites.
Goodman says that it will not affect individual bank accounts.
The following notification was emailed Tuesday to individuals who have an active user account for their publicly available economic data and analysis tools (FRED, FRASER, GeoFRED, ALFRED), which are available on their research division’s public website:
The Federal Reserve Bank of St. Louis has been made aware that on April 24, 2015, computer hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank’s web traffic that day to rogue webpages they created to simulate the look of the St. Louis Fed’s research.stlouisfed.org website, including webpages for FRED, FRASER, GeoFRED and ALFRED.
As is common with these kinds of DNS attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords.
These risks apply to individuals who attempted to access the St. Louis Fed’s research.stlouisfed.org website on April 24, 2015. If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password.
The St. Louis Fed’s website itself was not compromised.
Out of an abundance of caution, we wanted to alert you to this issue, and also make you aware that the next time you log into your user account, you will be asked to change your password. In addition, in the event that your user name and password are the same or similar as those you use for other websites, we highly recommend that you follow best practices and use a strong, unique and different password for each of your user accounts on the Internet.
(TM and © Copyright 2015 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2015 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)
Follow us on Twitter | Like us on Facebook