[Durus]

I’ve never read that Citi was hacked. Target wasn’t hacked as much as an admin password was “found”, regardless they read passwords directly from databases, not through users password field entry.

[Rashputin]

Three companies, Citibank being one of them, had their DB hacked due to someone starting with a program that captured input from both users and administrators who were logging in over the web (which I would have thought wouldn't be permitted or would be more secure than HTTPS for admins, so go figure, maybe he didn't want to give details).

People with privilege logging in remotely having their passwords captured was the root of the problem.

My daughter is finishing up her Masters in Computer Forensics and Security and got all this from a lecture she attended recently, beyond that I don't recall the specifics. I'll take her word as being correct, you take my word as being BS, we'll both be happy.