Author

Topic: Can a hacker access accounts with 2FA GAuth? (Read 2270 times)

newbie
Activity: 44
Merit: 0
February 23, 2015, 01:05:39 AM
#11
I mean, I have other bitcoin accounts.  I have other coins in multiple places.  2FA being on my phone of course.  All those coins are safe and have always been safe.  I don't see why my havelock just happens to get hacked when all my other accounts are just fine.
legendary
Activity: 1159
Merit: 1001
February 21, 2015, 05:55:23 PM
#10
Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

Did you do a backup of the initial QRC code?  I always do a backup then PGP encrypt that backup image.  I suppose, if that image was not encrypted then it could've been recovered somehow.

More likely, sounds like an inside job as suggested previously.
sr. member
Activity: 968
Merit: 250
February 21, 2015, 04:28:51 PM
#9
lets wait til they are done with maintenance to see whats up. this is not good, it needs to be address and dealt with if its on their end. but it could be ur phone as well.  i bought a second  phone just for 2fa , i cut the interweb off and never download any apps. if my act were to be "hacked"  i know its an inside job. its a good investment for ur  investments if ur a heavy investor. anyhow, it will be good for all of us if we figure out if it was ur end or them
legendary
Activity: 3878
Merit: 1193
February 21, 2015, 03:57:05 PM
#8
My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

You need to ask Havelock. Was 2FA disabled? When was your account accessed, and was 2FA code entered?
newbie
Activity: 44
Merit: 0
February 21, 2015, 01:42:27 AM
#7
Where you keep your private key for 2FA?
What device you use to generate the 2FA - is that virus free too?
Were your computer and 2FA device virus free when you enabled 2FA?

These are some problems to think about. If all this don't lead to a possible backdoor, then the only solution remaining would be a fraud from the website where you had the money.
My private key would be on my Android phone.  The phone is running AOSP and there are just but a few games on there and some Apps I use for day to day.  I don't really see my phone getting infected.
My computer was virus free.  I really can't see myself getting a virus and I do not install malware on my computer.

I don't think I'll trust havelock anymore.  They stopped replying to my E-mails, so I don't think they have any plans of returning my coins.
legendary
Activity: 1540
Merit: 1013
February 20, 2015, 08:24:59 AM
#6
Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

never ever keep your GA at your computer too, there is a lot malware that enable a hacker to access our computer, id suggest to put it somewhere else, and btw some malware isnt really detected by antivirus
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
February 20, 2015, 03:41:53 AM
#5
Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

Where you keep your private key for 2FA?
What device you use to generate the 2FA - is that virus free too?
Were your computer and 2FA device virus free when you enabled 2FA?

These are some problems to think about. If all this don't lead to a possible backdoor, then the only solution remaining would be a fraud from the website where you had the money.
hero member
Activity: 572
Merit: 506
February 20, 2015, 03:33:18 AM
#4
May be you should think about people having access to your 2FA device?
Otherwise, assuming everything is OK with the website where your account was hacked, it must be a trojan on your computer, from which you enabled 2FA. They only need a screenshot of the secret code either in form of a QR code or in text form.
sr. member
Activity: 672
Merit: 250
Most Advanced Crypto Exchange on the Blockchain
February 20, 2015, 12:05:38 AM
#3
My LocalBitcoin account got hacked with 2FA enabled and
their staff didnt help me recover or refund anything.  Its
not impossible to get around I guess.
hero member
Activity: 672
Merit: 502
February 20, 2015, 12:00:20 AM
#2
Don't know how hackers hack man but I would guess they somehow got hold of the 2fa key which enabled them to make codes. I wouldn't be surprised if it was an inside job.
newbie
Activity: 44
Merit: 0
February 19, 2015, 09:11:32 PM
#1
Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.
Jump to: