There are many times that two-factor authentication system has come in and helped us in a lot of ways. It is a godsend that has been sent to help us secure our accounts. It keeps our accounts safe, and also notifies us in any case if there are any attempts to break into your accounts. That means even if you lose your password, you somehow know thanks to two-factor authentication system.
However, it seems like hijackers have now found ways to maneuver through the security measure. Alex McCaw, co-founder of the data company API, Clearbit shared screenshots of a text of how hackers had been attempting to break into one of his Google accounts.
McCaw managed to list the ways in which the hack can work.
- Firstly the attacker sends the unsuspecting victim claiming that they are from one particular company.
- In the text message sent, the hackers tell the victims that their account has been compromised, and they should therefore send the two-factor authentication code which they would be required to send back to the hackers.
- The victim, unsuspecting of the attempt, and wanting to get on top of things sends the message back to the hackers unknowingly.
- The hacker then uses the code sent to them and after that, they break into the account.
The attackers have even been clever enough to change their identity and make it look like they are coming from an official company such as Google, Facebook or Apple rather than an unknown number that they usually send through them.
However even after all these attempts, the hackers still need the accounts password, and they have many ways they can use to get the information they need. Through scourging after various data dumps and also from old email and usernames hacks from which they then use on various other sites. This works most of the times because many people reuse their passwords and usernames on various other multiple accounts and other platforms.
Over the past few weeks, a lot of data from some of the most notable social media sites such as LinkedIn have been circulating on the web and the hackers might have used this information. So for those who reuse passwords on several sites, be aware that hackers might be using them.
Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC
— Alex MacCaw (@maccaw) June 4, 2016
Alex McCaw shared the message he received from hackers on his Twitter account. He also advised people to be vigilant when it came to their passwords, and they should always keep them updated. Also, do not share two-factor authentication codes with anyone even when the messages appear legitimate.