December 23, 2014
The hackers that filched the data of roughly 83 million JPMorgan Chase customers earlier this year were able to do so because a server lacked two-factor authentication, the New York Times has reported.
Unnamed sources told the publication while most servers at the financial institution were protected with two-factor authentication, one left vulnerable was able to be accessed after the hackers stole the login credentials of a JPMorgan employee.
Two-factor authentication makes it much more difficult for hackers to gain access to data or user accounts because it requires more than a simple password. A unique code is sent to the user on their Smartphone or device to enter along with his or her password.
According to the Times’ report, had JPMorgan Chase’s security team employed two-factor authentication to all of the company’s serves, the attack would likely have been foiled.
Although the hackers were able to gain access to more than 90 servers at the bank through the one that was unprotected, security discovered and blocked the intrusion in August.
The hackers were able to grab the names, addresses, phone numbers and e-mail addresses of customers as well as, in some cases, the line of business the customers were involved in.
“There is no evidence that financial data such as account numbers, passwords, user IDs, dates of birth or Social Security numbers were accessed, acquired or compromised,”JPMorgan said on its site in an Oct. 2 post. “We have identified and closed the known access paths. We have no evidence that the attackers are still in our system.”