Someone reportedly hacked Deloitte through an account without two-step verification


Image: Alex Segre/REX/Shutterstock

One of the world’s largest accounting firms has been hacked.

Hackers broke into a Deloitte administrative account, according to The Guardian, and stole emails and other information pertaining to Deloitte clients. 

Deloitte brought in $37 billion last year for its consultancy in the areas of taxes, auditing, and — uh oh — also cybersecurity, which makes the way these hackers broke into Deloitte all the more embarrassing. 

The account that hackers broke into didn’t have two-factor verification, according to The Guardian. (With two-factor verification, a passcode is sent to your phone after you sign in to your email with a password. Hackers would need both your password and a way to read your texts to access your account.)

It’s unclear which of Deloitte’s clients were affected by the attack, but The Guardian wrote that some companies are “household names” and other clients include “U.S. government departments.” We reached out to Deloitte to ask about specifics, and we’ll let you know if we hear back.

Deloitte reportedly knew about the hack in March. Attackers gained access to the company’s emails back in October or November of 2016. 

Speaking with The Guardian, a Deloitte representative described the number of clients affected as “very few” and said “no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”

This spokesperson also said the company will “remain deeply committed to ensuring that our cybersecurity defenses are best in class…” 

Perhaps they should start with two-step verification.
