Hackers hit a poorly configured server to breach JPMorgan

Pierluigi Paganini December 25, 2014

Security experts involved in the investigation into the JPMorgan breach revealed that hackers exploited the lack of 2FA to compromise a server in the network.

A few months ago JPMorgan suffered the biggest U.S. banking breach of all time, and now The New York Times has provided more information on the case, citing sources close to the experts involved in the investigation. The newspaper reported that the hackers discovered a server not protected by two-factor authentication, which they used to steal users’ credentials.

Two-factor authentication is strongly recommended by the Federal Financial Institutions Examination Council (FFIEC) in order to mitigate unauthorized access and data theft.

In August, JPMorgan reported that it was investigating a “computer hacking attack”; both the FBI and the Secret Service were involved in the investigation.

Data related to nearly 76 million households and seven million small business accounts were exposed in the data breach, which occurred during the summer.

The oversight exposed data belonging to an estimated 76 million consumer households and seven million businesses. The attack was sensational because the hackers gained access to nearly 100 servers between June and August.

“Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.” states The New York Times. 

Although JPMorgan spends millions (nearly $250 million every year) to protect its systems against increasingly sophisticated cyber attacks, the attackers breached the bank by exploiting a poorly configured server.

JPMorgan confirmed that hackers obtained user contact information (i.e. names, phone numbers and email addresses), but other sensitive data including account numbers, passwords, user IDs, dates of birth and Social Security numbers were not stolen, according to the SEC filing.

Some experts believe that JPMorgan was targeted by a Russian or Eastern European criminal crew; others have speculated about the possible involvement of state-sponsored hackers linked to the Russian Government.

The threat actor behind the attack is still unknown. The JPMorgan data breach is likely to become a case study on the potential effects of failing to apply basic security countermeasures to protect an enterprise's systems.

Stay tuned …

Pierluigi Paganini

(Security Affairs –  JPMorgan, data breach)


