It turns out the JPMorgan Chase hack could have been prevented if it had consistently applied its existing security standards. JPMorgan uses two-factor authentication to prevent this kind of attack (users need both their password and a one-time pin to get access), but one of the servers was never updated. Someone found the insecure server and used it to break into JP Morgan’s network, report Matthew Goldstein, Nicole Perlroth, and Michael Corkery for The New York Times.
JPMorgan hack didn’t use a zero-day exploit
When the attack happened the assumption was that only a very sophisticated hacker, possibly state sponsored,...