Anthem breach stemmed from weak login security

Investigators believe hackers who broke into Anthem's network last week did so by stealing the company administrator's login credentials, according to a report from The Hill.

The hackers, who compromised the personal records of 80 million customers, got the credentials of five Anthem technology workers, and then used targeted phishing campaigns to "dupe" network administrators into revealing login information or clicking a link that granted hackers access to their computers, according to the report.

While reports emerged revealing Anthem's customer data was not encrypted, Ken Westin, a security researcher said in a Tripwire blog post that the main security flaw was weak authentication security.

"What may be a key weakness here is that it appears there were no additional authentication mechanisms in place, only a login/password or key, with administrative-level access to the entire data warehouse," Mr. Westin wrote. "In Anthem's defense, if the attackers had admin-level credentials, encryption would have been moot anyway."

More articles on the Anthem data breach:

Hackers break into Anthem: 10 things to know
8 reactions to the Anthem hack from health IT leaders and cybersecurity experts

Does Anthem need another name change?

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months