Comment by bhtru

This was how Simplii and BMO (two Canadian banks) were hacked earlier this year.

> The hackers explained that they were able to breach the banks’ sub-par security by using an algorithm to generate account numbers and then posing as customers who had forgotten their passwords.

“They were giving too much permission to half-authenticated account which enabled us to grab all these information,” the email said, adding that the system “was not checking if a password was valid until the security question were input correctly.”

Source: https://www.ccn.com/hackers-demand-1-million-in-xrp-after-br...