Network intrusion; Social engineering; Unauthorized use of system administrator privileges

Financial Services

Syrian Electronic Army hacktivist group breached the MasterCard Blog (https://insights.mastercard.com) and inserted a new blog post on the website with title "Hacked By Syrian Electronic Army.” Mastercard’s blog indicated it was published using Wordpress 3.3.2 version, an outdated version. The older version is vulnerable to “flaws like Cross Site scripting, File upload vulnerability, Cross-site request forgery (CSRF) etc" that could have provided an entry point for hackers. Another possible doorway:  There is a forgery exploit hackers can obtain online “that allows attacker to add a new admin user, using bit of social engineering with administrator.”