JP Morgan Got Hacked Because It Forgot To Enable Two-Factor Authentication On A Server
The New York Times is reporting that the hack took place due to a simple blunder by the bank's IT staff. The hackers shouldn't have been able to access the servers at all, and they wouldn't have been able to if the bank's security system had been properly rolled out.
But hackers were able to steal login information for a JP Morgan employee and used that information to log into the company's network. There should have been a second layer of security present that would have stopped the hackers, but the bank's security team had forgotten to introduce it on one network server.
Two-factor authentication involves a second password which only works once. These one-time passwords are often generated at random, and sent by text message to cellphones, since that's an easy way to verify someone's identity.
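The single-use property described above, seen from the server's side, as an added example that is not from the original article or from the bank's systems. The class name, the 300-second lifetime and the three-guess limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for an issued code
MAX_ATTEMPTS = 3        # assumed number of wrong guesses tolerated per code


class OneTimeCodeStore:
    """In-memory store of pending one-time codes, keyed by user name."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user -> [code, expires_at, attempts_left]

    def issue(self, user):
        """Create a random 6-digit code; it replaces any earlier pending code."""
        code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
        self._pending[user] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real deployment would pass this to an SMS gateway

    def verify(self, user, submitted):
        """Return True at most once per issued code."""
        entry = self._pending.get(user)
        if entry is None:
            return False  # nothing pending: never issued, used, or locked out
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]  # expired codes are discarded
            return False
        # Constant-time comparison on bytes avoids leaking matching prefixes.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]  # single use: a replay finds nothing
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]  # guess budget exhausted
        return False


def demo():
    """Constructed scenario: first use, replay, then an expired code."""
    now = [0.0]
    store = OneTimeCodeStore(clock=lambda: now[0])
    code = store.issue("alice")
    first, replay = store.verify("alice", code), store.verify("alice", code)
    stale = store.issue("alice")
    now[0] += CODE_TTL_SECONDS + 1
    return first, replay, store.verify("alice", stale)
```
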
JP Morgan uses a two-factor authentication system for its internet computer network, but the second password wasn't needed by the hackers to break into the network. The New York Times says the bank is now investigating whether there are other security holes that could give hackers access to its network.