Did someone forget to turn on 2FA?
Deloitte, one of the world’s “big four” accountancy firms, has fallen victim to a cyberattack that exposed sensitive emails to hackers.
The IT security breach dates back to November 2016 but was only discovered in March 2017 and reported on by The Guardian. Hackers gained access to Deloitte’s email system through an administrative account that was not secured using two-factor authentication, The Guardian reports. Emails to and from Deloitte staff were hosted on Microsoft’s Azure cloud service. As well as email, hackers may have had access to “usernames, passwords, IP addresses, architectural diagrams for businesses and health information.”
The network breach is said to have been US-focused. While it hasn’t been confirmed exactly what was stolen, compromised mail servers can be a good source of sensitive information for an attacker, allowing them to siphon off message content and attachments. This is why multi-factor access control such as two-factor authentication is important, especially for admins. It makes it much harder to gain illicit access in the first place, and provides a warning if someone is trying to log in without your knowledge.