Forgetting to activate 2-Factor Authentication led to the JPMorgan Chase being hacked
JPMorgan Chase was at the receiving end of one of the biggest data breaches in history earlier this year when hackers breached and exposed its internal computers. By the time the bank’s security team got a whiff of the intrusion, 83 million client records had been exposed. As usual, an investigation followed which came to the finding that the leak might have been a result of someone forgetting to activate 2-factor authentication.
2 factor authentication adds an extra step to log into the machine and makes it that little extra harder for a attacker to hack into a system. A user wishing to log in, needs to know the password along with another code, that might be generated new for each instance. The New York Times reports that technicians at JPMorgan Chase had failed to upgrade one of its network servers with the 2-factor authentication feature, meaning that access was possible if the hackers knew the single password or brute forced it. The investigation into the JPMorgan hack points out that the failure of the technicians to enable 2-FA allowed the hackers to get into the system and use that intrusion to launch further and more devastating attacks on their servers.
Once an attacker manages to get into the system, it is easier for them to use that foot hold as a launch pad to bigger and greater attacks. It is one of the oldest trick in the book and the same occurred in this case.
JP Morgan had in September 2014 admitted to the data breach. The breach resulted in the leaking of names, addresses, phone numbers and e-mail addresses of 83 million account holders had been exposed in one one of the biggest data security breaches in history. 76 million of those, along with seven million small biz customers, had their private financial information publicly exposed as a result of the breach, which was rumoured to be the handiwork of Russian cyber-criminals.
The attack was detected by the bank’s internal security team, but the data leak had already occurred by then. The bank has tried to play down the breach as no major crime has been committed with the stolen data so far. The main risk comes from the possibility that crooks might be able to produce more convincing phishing attacks using the stolen information.
Further it is known for the cyber criminals to hold on to payment card details for a long time known as the ‘cooling period’ till the din about the breach has died down and then use the details to commit fraud or identity theft or simply sell them on underground forums for something sinister.