Yet another hack that 2FA could have prevented: 8tracks
The irony here is uncanny.
8tracks, a social internet radio service, recently announced a data breach, losing a copy of their user database, which includes email addresses and passwords. While 8tracks ensures their users that passwords are encrypted, hashed, and salted, they still recommend that users change their passwords with their service. Their CEO also moved on to explaining that their (over) 18 million users “refrain from using the same password across multiple sites,” use a password manager, and user two-factor authentication.
It’s ironic that the leak occurred through a hack of one of their employee’s Github account, and that if the employee had enabled two-factor authentication, the leak would not have occurred.
While it is unfortunate 8tracks was attacked (it’s a great service,) there are some key points to reiterate from this incident.
- Not only
big names get hacked. Hackers target any vulnerability through any website,
and no website, online service, or app is exempt from security threats.
Businesses that offer services through a web app or mobile app must offer 2FA.
your social accounts with 2FA. 8tracks mentions that users who used
Facebook or Google to authenticate are safe from this incident. However, this
is misleading, as 40% of all breaches involve social engineering (according to
Verizon’s 2017 Data Breach Investigation Report.) If you’re using Facebook,
Google, or any other social identity to authenticate with multiple services,
you’re putting all your eggs in one basket, so
enable 2FA on all social accounts. Otherwise, all a hacker needs are your
email and password (which is inherently weak) to log into Facebook, then
are weak. Hashing and salting passwords is a great practice, but your
password is already weak.
- It’s up
to all of us to be digitally safe. Businesses must educate employees and users about online safety, offering tools like 2FA. Yet it’s up to
users to use these tools –turn on 2FA!
No matter the level of irony, this won’t be the last time this happens. Let’s all learn: Businesses and users alike need to become more responsible online.