Social Media has been alive with the sound of security buffs ridiculing cryptocurrency trading platform, Enigma, for a purported hack that cost prospective customers approximately $500,000 in Ethereum.
Apparently, the breach occurred when hackers gained access to the company’s website, Slack channel and certain email lists. They then set up a fake website, sending emails which tricked some investors into sending funds in Ethereum.
However, a Reddit user is claiming this was not a sophisticated hack but some basic security failures by Enigmas CEO, Guy Zyskind.
How to get information security wrong
No mystery here.
It appears that some basic research revealed that Zyskind’s account was hacked, he used the same password for multiple sites and had administrator rights to the company’s website and Slack.
On top of which his details were on a recently hacked database (easily found), following which he never changed his password. In fact, the reporter claims it is still in use on another platform where no 2-factor authentication is enabled.
Hackers then used his compromised Google account to send emails to all his contacts. Hackers now have a list of email addresses for future phishing attacks.
All rather embarrassing for a self-acclaimed security expert and rather ironic that they chose the name Enigma, which was, as another Reddit user commented a failed crypto machine.
Lessons learned from other’s mistakes
Put in place a strong password policy and make sure all staff, even the CEO, understand and comply
With Valentine's Day approaching, our thoughts naturally turned to... l’amour. But we’re standards obsessives, with ISO 27001 ever-present in our mind. So we ended up…
Keep reading >
It’s that strange time between Christmas and New Year, when everything goes quiet and hardly anyone’s around. It’s one of our favourite moments, because it’s…
Keep reading >
As infosec specialists, we’re in awe of Santa Claus. He runs one of the planet’s largest, most effective and most public data gathering and management…
Keep reading >
Christmas is on its way! We’re looking forward to a bit of tinselly cheer after the endless challenges of 2020. And that’s turned our thoughts…
Keep reading >
Halloween’s here, the spookiest time of year. That set us thinking about our favourite monsters. They have a lot in common with the infosec challenges…
Keep reading >
#32 Zombie horde: Zombies are unstoppable. They just keep coming and coming. There are far too many to fight off. You’ve just got to wait…
Keep reading >
#18 Werewolf: The thing about werewolves is that you always know when they’re going to pop up. Every full moon, regular as clockwork, there’s some…
Keep reading >
#12 Phantom: Unfinished business in the past leads to undead creatures bothering the present. That’s your average phantom for you. They’re pretty unsettling until you…
Keep reading >
Stay Informed
Join our club of infosec fans for a monthly fix of news and content.
