Clearpath FCU, an $87 million credit union headquartered in Glendale, Calif., has acknowledged its website was hacked and subsequently taken offline by the vendor that hosted the site.
The event happened “around two weeks ago,” said John Lee, Clearpath executive vice president and chief operating officer.
He stressed that no member data was compromised in the attack. “Pretty much nothing was impacted,” said Lee, except of course for the removal of the site from the Internet.
That happened, said Lee, because the hackers had turned the site into a weapon that they were using against other sites.
When the host detected that, the webhost took the site down and notified Clearpath. Hackers had control of the site for “less than 24 hours,” said Lee.
The hackers apparently exploited an unpatched vulnerability in the site’s architecture. “The lesson learned,” said Lee, “is to always have the latest upgrades. That makes you less vulnerable to hackers.”
Although the Clearpath landing page is offline – and probably will be for some time as Clearpath redesigns its Web presence – Lee said members can still access the range of online services by going to a temporary page and clicking through to services such as online banking.
The Clearpath attack is not believed to have any relationship to the attacks Anonymous had said it was planning to unleash against leading banks and credit unions on May 7.
The Anonymous attack of course turned into something of a non-event, as no financial institutions have reported any Anonymous-led attacks of significance.