Yet another hack that 2FA could have prevented: 8tracks

It’s ironic that the leak occurred through a hack of one of their employee’s Github account, and that if the employee had enabled two-factor authentication, the leak would not have occurred.

While it is unfortunate 8tracks was attacked (it’s a great service,) there are some key points to reiterate from this incident.

  • Not only big names get hacked. Hackers target any vulnerability through any website, and no website, online service, or app is exempt from security threats. Businesses that offer services through a web app or mobile app must offer 2FA.
  • Secure your social accounts with 2FA. 8tracks mentions that users who used Facebook or Google to authenticate are safe from this incident. However, this is misleading, as 40% of all breaches involve social engineering (according to Verizon’s 2017 Data Breach Investigation Report.) If you’re using Facebook, Google, or any other social identity to authenticate with multiple services, you’re putting all your eggs in one basket, so enable 2FA on all social accounts. Otherwise, all a hacker needs are your email and password (which is inherently weak) to log into Facebook, then everything else.
  • Passwords are weak. Hashing and salting passwords is a great practice, but your password is already weak.
  • It’s up to all of us to be digitally safe.  Businesses must educate employees and users about online safety, offering tools like 2FA. Yet it’s up to users to use these tools –turn on 2FA!

No matter the level of irony, this won’t be the last time this happens. Let’s all learn: Businesses and users alike need to become more responsible online.

Omni-channel messaging is here

Check out our latest webinar going over the details (plus a demo) of the intelligent A2P messaging API.
Learn more