Bank of Montreal ATM “hacked” with default password

CORRECTION: This story was originally reported in 2014. Not sure why CJAD reported it as recent news, but thanks to Catalin Cimpanu for letting me know.

Original post:

So… in a story about another breach, which was also linked to using a default password, CJAD in Canada mentioned a breach that occurred last week:

Two 14-year-old high school students managed to hack into a Bank of Montreal ATM at a super market during their lunch break using an operator’s manual they found online.

When they brought up the administrator mode screen it asked for a password, to which the teens used the factory default password. To their surprise it worked.

From there they saw how much money was in the machine, the number of transactions, and other confidential information.

They notified a nearby BMO branch manager, who was nice enough to write the pair notes for being absent from school as they showed security personnel how they did it.

Of course, if this was the U.S., the teens might have been arrested. Thankfully, the Bank of Montreal had the good sense to appreciated the kids’ honesty about what they uncovered. We could use more of that common sense.

And hopefully, the Bank of Montreal has now changed all its ATMs’ passwords….

Source: CJAD, via @0x680x690x67

About the author: Dissent

Comments are closed.