9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
A dozen Edenred customers saw their meal vouchers stolen by hackers last year. Remarkably, Edenred itself was not hacked. About 10 Edenred customers lost their meal vouchers last
A dozen Edenred customers saw their meal vouchers stolen by hackers last year. Remarkably, Edenred itself was not hacked.
About 10 Edenred customers lost their meal vouchers last year after cybercriminals stole them. The consumer program WinWin found this out. Edenred itself was not hacked. In all likelihood, the thieves could simply log into their victims’ accounts using publicly available credentials.
The incident highlights the importance of good password hygiene. The victims did not use a unique username and password combination. Their passwords were already circulating online in combination with a similar username after another service was hacked in the past. There is no shortage of data breaches and lists of stolen data are circulating on the Dark Web where you can buy it at a bargain price.
Aspiring thieves start working with such a list and try to find out if there is somewhere they can log in where they can make money. This was the case with the Edenred victims. They have lost their meal vouchers and will not be reimbursed by the provider. Ultimately, says Edenred, it is the customer’s responsibility to keep their login details safe.
That’s right: It’s no secret that a long, unique, and strong password is essential for anyone who wants to stay safe online. Unfortunately, this rule is all too often not followed, sometimes because it is not known, often because a complex password is labeled as a āhassleā. In any case, the consequences can be serious.
On the other hand, Edenred, like its competitors Monizze and Pluxee, follows a rather lax login strategy. Multi-factor authentication is not standard for any provider, even if MFA would have successfully stopped criminals in the case mentioned above. Edenred does not offer any form of MFA at any time, so having a username and password is enough for criminals to steal checks.
Pluxee and Monizze do not protect accounts with MFA, but work with a confirmation code for transactions. This is enough to prevent simple forms of theft, such as those currently occurring at Edenred. The flaw discovered by WinWin should primarily be a lesson in the importance of a unique and strong password, but hopefully also serve as a wake-up call for Edenred and other parties to enable and, ideally, even make MFA mandatory.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
