A successful social engineering attack was carried out on October 13, 2013, targeting Toyota City, Wetaskiwin, Alberta. Toyota City uses the DealerTrack application managed by the Organization. An attacker called an employee of Toyota City while impersonating an employee of the Organization. The attacker requested and obtained the Toyota City employee's authentication credentials (user ID, PIN and security questions) for the DealerTrack application. The compromised account was an administrative (i.e., privileged) account. The attacker used the compromised administrative account to access personal, financial and employment information of individuals from three different lending organizations. The attacker also used the privileges of the compromised account to create a generic account, then attempted, unsuccessfully, to use that generic account to access similar information.

