Hackers exploited an employee password to crack into JP Morgan Chase and access 83 million user’s data.
The incursion started in June, according to the people familiar with the bank’s review. The hackers entered a web-development server with an employee’s user name and password, then wormed their way into the lender’s network, sources said.
The server was a soft spot in the bank’s armor that lacked safeguards normal in other parts of the network such as two-factor authentication. From that server, the intruders found more vulnerabilities in JPMorgan’s custom software unknown to the firm’s security team that gave them access to the main data banks.
VIEW FULL STORY