Tag Archives for " 2FA "

Dutch DPA fines company for not using 2FA

The Dutch Data Protection Authority imposed an order for incremental penalty payments of 150,000 euros per month with a maximum of 900,000 euros because the security level of the employer portal is not adequate.

A portal operated by UWV contains employee health data. The DPA decided that security is insufficient because UWV does not apply multi-factor authentication when granting access to the online employer portal.

Source: AP forces UWV to better protect data with sanctions | Dutch Data Protection Authority

Twitter used phone numbers users provided for security for advertising

Twitter revealed Tuesday that it mishandled an unspecified number of users’ email addresses and phone numbers, allowing that data to be used “inadvertently” for advertising purposes.

The incident marks the latest security mishap for the social-networking company, but one that could carry with it some legal headaches. Federal regulators penalized Facebook earlier this year for a similar situation.

Source: Twitter security mishap: Users’ phone numbers were ‘inadvertently’ used for ad purposes – The Washington Post

Microsoft: Using multi-factor authentication blocks 99.9% of account hacks

Old advice like “never use a password that has ever been seen in a breach” or “use really long passwords” doesn’t really help.

Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service.

Source: Microsoft: Using multi-factor authentication blocks 99.9% of account hacks | ZDNet

Facebook’s Phone Number Policy Could Push Users to Not Trust Two-Factor Authentication

Users are angry that Facebook is letting others, including advertisers, look up users via the phone numbers they provided to enable two-factor authentication.

What’s worse, it looks like there’s no way to completely remove your phone number that Facebook has collected. This screw-up, intentional or not, could discourage adoption of two-factor authentication, leaving people at risk of getting hacked.

Source: Facebook’s Phone Number Policy Could Push Users to Not Trust Two-Factor Authentication – Motherboard

2-factor authentication may be hackable, expert says

Cybersecurity professionals have advised enabling two-factor authentication to add an extra layer of security — but according to at least one expert, this may not be a silver bullet. Kevin Mitnick, who was once the FBI’s most wanted hacker and now helps companies defend themselves, found that two-factor authentication can be vulnerable.

Full article: 2-factor authentication may be hackable, expert says

How Hackers Bypass Gmail 2FA at Scale

Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can log in and steal the account.

Full article: How Hackers Bypass Gmail 2FA at Scale – Motherboard
