Click to Skip Ad
Closing in...

A simple security oversight was responsible for the massive JPMorgan Chase hack

Published Dec 24th, 2014 6:00PM EST
JPMorgan Chase Hack
Image: The Miller Group

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Earlier this year, JPMorgan Chase was the victim of a massive data breach, but the attack might have been avoided if the bank had installed a “simple” security fix, The New York Times reveals. Apparently, an unsecured server on the bank’s computer network was targeted by hackers, who then were able to steal personal data belonging to tens of millions of Americans.

FROM EARLIER: North Korea’s statement on the Sony hack is as hilariously insane as you’d expect

According to people familiar with the investigation, the financial institution might have been able to prevent the intrusion had it not been for a server that lacked a simple security feature most people are familiar with: Two-factor authentication.

After stealing credentials from a JPMorgan Chase employee, hackers were then able to access the bank’s computer network and gain high-level access to more than 90 bank servers. From there, hackers stole account information for 83 million households and businesses in the U.S.

The server used to infiltrate JPMorgan lacked the two-step authentication scheme, meaning that hackers did not have to obtain a second password in addition to the stolen login information to access the bank’s system.

Apparently, the simple vulnerability the hackers took advantage of surprised investigators, who initially believed a more complex hack was used to breach the system.

While not all details of this ongoing investigation have been revealed, it appears that a sophisticated zero day attack was not used in this data breach. The simple nature of the attack that ultimately defeated a security system costing JPMorgan some $250 million each year, also explains why other financial institutions that have two-factor authentication in place were not also hit.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.