WebProNews

Tag: 2FA

  • Crypto.com Says 483 Accounts Hacked, $35 Million Stolen

    Crypto.com Says 483 Accounts Hacked, $35 Million Stolen

    Just days after a hack that impacted user accounts, Crypto.com is revealing more details on the extent of the attack.

    Crypto.com announced on Monday, January 17, that “a small number of users experienced unauthorized activity in their accounts.” The company reassured users their funds were safe, but users were quick to dispute that claim, pointing to unauthorized withdrawals from their accounts..

    The company is now revealing a total of 483 accounts were hacked, and the equivalent of roughly $35 million was withdrawn. Fortunately for users, the company has reimbursed everyone impacted.

    On 17 January 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts. Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation and worked around the clock to address the issue. No customers experienced a loss of funds. In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed.

    The incident affected 483 Crypto.com users.

    Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies.

    Crypto.com first noticed the issue when some accounts were accessed without the corresponding 2FA input. The company halted all transactions, forced users to create new 2FA tokens, and migrated to a new 2FA architecture.

  • Twitter Adds Support for Security Keys for 2FA

    Twitter Adds Support for Security Keys for 2FA

    Twitter has added support for security keys to support two-factor authentication (2FA).

    2FA is widely considered to be an important step in securing accounts and information. With 2FA enabled, a user does not gain immediate access to their account when they log in using their username and password. Instead, they are required to take an additional step, such as confirming the login via their phone or other device, providing a fingerprint or using a security key.

    A security key has some distinct advantages over other forms of 2FA, as Twitter highlights in their blog.

    Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account. Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account. They use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.

    For the time being, security keys will only work with Twitter.com, not the mobile apps. Nonetheless, the new feature is an important step in security Twitter accounts.

  • Twitter May Be Getting More Serious About Two-Factor Authentication

    Is Twitter ramping up their efforts to implement two-factor authentication to make your accounts more secure?

    Two-factor authentication (2FA), generically, is any approach to authentication that has multiple layers. Around the web (like with Google for instance), it is usually applied with a combination of a password and mobile alert. When a new device/location attempts to log on to a Google account, not only is a password required but so is a secondary authentication code sent to a user’s mobile device.

    This way, an unauthorized user would not only have to obtain your password, but also your phone in order to access your account. It’s simply another layer of security, and one that companies like Google say “drastically reduces” the chances of a bad guy getting their hands on your personal info.

    The Guardian points to a job posting on Twitter’s employment site. The post is for a full-time software engineer in the specialized area of product security. Among the duties of said position is to “design and develop user-facing security features, such as multifactor authentication and fraudulent login detection.”

    As you may remember, Twitter made a pretty bad screw-up last November when they accidentally reset a bunch of passwords for accounts that hadn’t actually been compromised, following a hack that did see some accounts compromised.

    Like any online service, Twitter accounts are vulnerable to being compromised and used for nefarious purposes – whether that be malicious spam messages or simply hijacking tweets in order to expose or embarrass.

    In the past, Twitter has stated that they’ve “certainly explored two-factor authentication,” but to date the company has made no public declarations of intent. While this job posting is far from conclusive evidence that Twitter plans to implement 2FA, it does suggest that they are looking for personnel that could possibly draw up such a system.