Social media has been alive with the sound of security buffs ridiculing the cryptocurrency trading platform Enigma for a purported hack that cost prospective customers approximately $500,000 in Ethereum.
Apparently, the breach occurred when hackers gained access to the company’s website, Slack channel and certain email lists. They then set up a fake website, sending emails which tricked some investors into sending funds in Ethereum.
However, a Reddit user is claiming this was not a sophisticated hack but the result of some basic security failures by Enigma's CEO, Guy Zyskind.
How to get information security wrong
No mystery here.
It appears that some basic research revealed that Zyskind's account was hacked, that he used the same password for multiple sites, and that he had administrator rights to the company's website and Slack.
On top of that, his details were in a recently hacked database (easily found), after which he never changed his password. In fact, the reporter claims it is still in use on another platform where no 2-factor authentication is enabled.
Hackers then used his compromised Google account to send emails to all his contacts. Hackers now have a list of email addresses for future phishing attacks.
All rather embarrassing for a self-acclaimed security expert, and rather ironic that they chose the name Enigma, which was, as another Reddit user commented, a failed crypto machine.
Lessons learned from others' mistakes
Put in place a strong password policy and make sure all staff, even the CEO, understand and comply