“The #hackers waited five days to test the #IT contractor's admin account credentials by logging onto Medibank's #Microsoft Exchange server. About 11 days after that, they got into Medibank's "Virtual Private Network" (VPN) which controlled remote access to its corporate network. They were only able to do so because Medibank, the $10 billion juggernaut and keeper of secrets for more than 9 million people, didn't require what's called "multi-factor authentication" for its #VPN, according to the commissioner's filings. This requirement for two or more ways of proving a user's identity was even then a bog-standard safeguard for large organisations.”
#Medibank / #MSExchange / #2FA / #hack / #AleksandrErmakov <https://abc.net.au/news/2024-06-22/medibank-alerts-australia-cybersecurity-breach/104003576>