There is an interesting story here. Microsoft has acknowledged that its @outlook.com, @msn.com and @hotmail.com services were compromised and some data was revealed to hackers. Initially Microsoft said,

We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.

Unfortunately, they seem to have made a mistake in this notification (or lied), because a few days later Motherboard reported that Microsoft had confirmed that email contents and attachments were also exposed.

If You Have a Crypto Business

This issue only affected the free email services, because customer support agents don’t have access to corporate accounts such as Office 365 Business. There are many other threats, however, and you can use CRYPTOSTAR.MONEY to find security consultants for your business.

If You Have a “free” email service you are at risk

Microsoft is a conscientious service provider, and if they suffered a breach in their consumer services then I am sure that others such as Gmail and Yahoo Mail will have similar problems. You should assume that any free email account could be compromised in the future or has been compromised in the past.

Crypto Users were Robbed

Hackers had access to users’ email accounts and noted which crypto exchanges they were using. It was then simple for them to use an exchange’s password reset feature, which relies on that email account, to take control of the user’s exchange account and empty it.

CoinDesk reports that “one victim, named Jevon Ritmeester, posted on the Tweakers forum that his Kraken cryptocurrency exchange account had been hacked and that he lost around 1 bitcoin (worth about $5,260 at press time) as a result”.

What can you do to protect yourself?

The goal of computer security is to

  • have a strongly authenticated person
  • use a trusted device
  • in a secure location

So don’t make your password “123456” and log in to your bank account using your mate’s phone in a nightclub, under a CCTV camera, on an unsecured wireless network – right?

Two-factor authentication (2FA)

Now that we have the basics right, we can talk about two-factor authentication (2FA). There are three factors that we can use to authenticate someone:

  1. What they know – a username and password
  2. What they have – a token
  3. Who they are – biometrics

When exchanges talk about 2FA they are saying that a second factor is required, and this is typically your phone. They will invite you to pair your phone with your exchange account, and then each time you log in you will be asked to provide a “magic number” from an app on your phone or from a text message. This ensures that a hacker cannot log in without your phone.

When you first pair your phone it is very important that you print out and file the secret key you are given. Otherwise, if you lose your phone, you won’t be able to access your account. If your exchange does not give you the option to back up your key, you should use Authy instead of Google Authenticator and set a backup password.
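As an added example (not code from the original post), here is how the “magic number” from an authenticator app is derived and how an exchange could check it. The secret is the RFC 4226/6238 test-vector key, base32-encoded; that base32 string is exactly the kind of secret key the post says to print and file.

```python
# Added example: RFC 4226 HOTP / RFC 6238 TOTP generation and a server-side
# check with clock-skew tolerance and replay protection. Not from the post.
import base64
import hashlib
import hmac
import struct
import time

# Constructed test secret: base32 of b"12345678901234567890" (RFC test vector).
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30      # seconds per time slice
DIGITS = 6


def hotp(secret_b32, counter, digits=DIGITS):
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=STEP):
    """TOTP is HOTP with the counter set to the current time slice."""
    at = time.time() if at is None else at
    return hotp(secret_b32, int(at // step))


def verify_totp(secret_b32, submitted, at=None, step=STEP, window=1,
                last_counter=-1):
    """Server-side check: accept codes from `window` slices either side of
    now (clock skew) but never a slice at or before `last_counter`, so a
    captured code cannot be replayed. Returns (accepted, counter_to_store)."""
    at = time.time() if at is None else at
    now = int(at // step)
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        # constant-time compare so response timing does not leak matching digits
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return True, counter
    return False, last_counter


if __name__ == "__main__":
    code = totp(SECRET_B32)
    print("current code:", code)
    print("verify:", verify_totp(SECRET_B32, code))
```

A real deployment would store `counter_to_store` per user and pass it back as `last_counter` on the next login.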

Whitelist Accounts

You should not make day-to-day payments from your exchange account. Keep a separate wallet for which you hold the keys, and make all payments to and from the exchange using that wallet. Most exchanges will allow you to “whitelist” an address so that withdrawals can only be made to it. This adds an additional layer of security.

