Back in July, five bank networks were hacked, the most notable of which was JP Morgan Chase, where the intrusion resulted in more than 76 million households' information being leaked. At first, it was suspected that a "zero-day" exploit had been used to gain access, but an unidentified source has indicated that the real story is somewhat more mundane.
In an interview with the New York Times, the source indicated that a single server, which lacked two-factor authentication, was the weak link that allowed the attackers entry. Two-factor (or multi-factor) authentication relies on more than one independent factor to add layers of security, hence the name.
The attackers were able to obtain login credentials from an employee of the firm, and (either coincidentally or deliberately) began the attack during a period of high turnover on JP Morgan Chase's cybersecurity team, many of whom left to take new jobs at payment processor First Data. Even with the stolen credentials, the source said, the attack could have been prevented if the server had used simple two-factor authentication.
A growing variation for high-security enterprise logins involves three factors: something the user knows, something the user has, and something the user is. A passcode is obviously something a user knows. Something a user has is a key fob, or a computer the system recognizes as the one the user always logs on from. Something a user is involves biometric information, such as a fingerprint.
The server, part of JP Morgan Chase's vast network of new and legacy systems accumulated over years of operations and mergers, should have had a second authentication factor enabled but had been overlooked. This, coupled with the employee's stolen username and password, appears to be what caused the massive breach, which affected 90 servers.