Cyber security news for all

More

    Crypto loan provider BlockFi has been attacked by hackers

    The US company BlockFi, which specializes in crypto loans manages more than 500 million US dollars in various cryptocurrencies. Many investors also entrust with their Bitcoin and other cryptocurrencies in order to collect attractive interest. But now the news is startling that BlockFi has been targeted by cybercriminals.

    As reports, attackers managed to hijack an employee’s cell phone using a SIM swap. This left access to the BlockFi back office to hackers for more than an hour. However, no sensitive customer data such as credit card information has been stolen and attempts to transfer funds from BlockFi to third party accounts have failed. BlockFi’s community has expressed disappointment at the lack of prompt and detailed disclosure regarding the data breach as the announcement came four days after the hacking attempt.

    Background To The Attack On BlockFi

    BlockFi admits that the hackers entered the internal system. Customer data was used for marketing, including details of name, email address, home address and activity log. With this information, it is normally not possible to carry out monetary actions, since passwords or other identification methods are also required. According to BlockFi, the attack was quickly recognized and a second attempt was already prevented. As immediate measures, access rights to employees and internal systems were restricted and their cell phones were provided with a security update.

    Advises That Accounts Must Be Secured With Two Factor Authentication

    2FA should be handled better via an authentication app. Those who do without 2FA run the risk of losing control of their account by simply clicking on ‘forgot password’. Because if they control an e-mail account, they can quickly be successful without 2FA.

    As a second security measure, BlockFi recommends activating whitelisting. This means that wallet addresses are only activated for withdrawals after 3 days, so that in the worst case scenario, customers have more time to react to suspicious actions and prevent their funds from running out.

    Recent Articles

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox