Social Media has been alive with the sound of security buffs ridiculing cryptocurrency trading platform, Enigma, for a purported hack that cost prospective customers approximately $500,000 in Ethereum.
Apparently, the breach occurred when hackers gained access to the company’s website, Slack channel and certain email lists. They then set up a fake website, sending emails which tricked some investors into sending funds in Ethereum.
However, a Reddit user is claiming this was not a sophisticated hack but some basic security failures by Enigmas CEO, Guy Zyskind.
How to get information security wrong
No mystery here.
It appears that some basic research revealed that Zyskind’s account was hacked, he used the same password for multiple sites and had administrator rights to the company’s website and Slack.
On top of which his details were on a recently hacked database (easily found), following which he never changed his password. In fact, the reporter claims it is still in use on another platform where no 2-factor authentication is enabled.
Hackers then used his compromised Google account to send emails to all his contacts. Hackers now have a list of email addresses for future phishing attacks.
All rather embarrassing for a self-acclaimed security expert and rather ironic that they chose the name Enigma, which was, as another Reddit user commented a failed crypto machine.
Lessons learned from other’s mistakes
Put in place a strong password policy and make sure all staff, even the CEO, understand and comply
As Xero’s global security standard deadline arrives, we discuss its implication for partners and ponder what’s next. Will the ICAEW and ACCA follow in the…
Keep reading >
You are only as secure as your weakest linkKeeping information secure within your organisation rests on the actions of your staff. You can develop strong…
Keep reading >
Information security is a busy calling. Keeping up with security news whilst staying abreast of recent incidents and threats can be a time consuming business.…
Keep reading >
Christmas is on its way! We’re looking forward to a bit of tinselly cheer after the endless challenges of 2020. And that’s turned our thoughts…
Keep reading >
The UK Government has recognised some of its biggest information security risks come through the supply chain and G Cloud 9 is the first serious…
Keep reading >
#21 Vampire: Vampires are terrifying. But they’re also charming. That’s because most of them can only enter your house if you invite them in.
Keep reading >
Congratulations are in order for the specialist healthcare app that recently achieved ISO 27001 certification on the first attempt using ISMS.online. Will you join them?
Keep reading >
