JPMorgan Hack Could Have Been Prevented With A Server Update

JPMorgan Hack Could Have Been Prevented With A Server Update
Joe Mabel [CC BY-SA 3.0], via Wikimedia Commons

It turns out the JPMorgan Chase hack could have been prevented if it had consistently applied its existing security standards. JPMorgan uses two-factor authentication to prevent this kind of attack (users need both their password and a one-time pin to get access), but one of the servers was never updated. Someone found the insecure server and used it to break into JP Morgan’s network, report Matthew Goldstein, Nicole Perlroth, and Michael Corkery for The New York Times.

JPMorgan hack didn’t use a zero-day exploit

When the attack happened the assumption was that only a very sophisticated hacker, possibly state sponsored, could have broken through the bank’s sophisticated security, and Russia was widely suspected to have been involved. That’s not to say that the person or group behind the hack isn’t skilled, but it didn’t involve exploiting a zero-day vulnerability or an innovative angle of attack to pull off and the FBI no longer considers the Russian government to be a suspect in the case.

JPMorgan says that they haven’t seen any incidents of fraud stemming from the security failure, and that while personal information was compromised the hackers didn’t gain access to any account details.

What Investors Need To Know When Choosing A Private Equity Manager

investor 1652197064It's no secret that this year has been a volatile one for the markets. The S&P 500 is down 18% year to date, while the Nasdaq Composite is off by 27% year to date. Meanwhile, the VIX, a key measure of volatility, is up 49% year to date at 24.72. However, it has spiked as Read More