It has been revealed LocalBitcoins, a cryptocurrency exchange portal suffered a security breach that lasted for five hours. The hackers, who had created a fake LocalBitcoins login page, where able to collect the login credentials from users including the two-factor authentication details. LocalBictoins stopped the attack by taking down its forum and temporarily disabling transactions on its platform to prevent hackers from stealing money from any other accounts they had managed to compromise.
Javvad Malik, Security Advocate at AlienVault:
“This attack illustrates how companies need to take every aspect of their digital footprint seriously. Often, companies will not test or validate sites that are deemed low risk such as forums or brochureware sites. However, as in this case, attackers will look for any weakness and seek to compromise either corporate systems directly, or by targeting users.
Unfortunately, there is no easy fix to these challenges other than companies maintaining accurate inventories of all its digital assets and ensuring robust security controls are implemented and validated on an ongoing basis.”