An update on the Magnetik.com Security Incident
On Monday, February 12, 2018, Magnetik was the victim of cyber theft.
An unknown Bad Actor used a known security flaw in the T-Mobile account system to steal my personal cell phone number. With control of my number, the Bad Actor received password reset messages sent by text as well as two-factor authentication codes.
The hacker was then able to utilize stolen identity data from Equifax to convince the accounts team at GoDaddy to give him access to our GoDaddy account, where our domains are hosted. They then proceeded in short order to:
- Route mail to their own server.
- Unlock Magnetik.com as well as Doug’s personal domains for transfer.
- Transfer those domains out of GoDaddy altogether, giving them complete control of email delivery at those domains.
As a practice, we use Two-Factor Authentication on all key accounts. But since the criminals had Doug’s cellphone, they were able to use 2FA texts to get into his personal account.
Within 15 minutes we were able to lock down the company’s Google GSuite apps, so at no point did the criminals have access to Magnetik employee email or documents.
All company passwords and accounts are stored inside a tool called 1password and as such were never exposed to any outside activity according to activity logs.
We immediately attempted to send out a notification to all Magnetik clients via our extranet, but only 50% of the messages were sent before the hacker’s takeover of our domain’s DNS cut off our mail server. The Magnetik Client Extranet went offline because the hacker moved the magnetik.com domain, but at no point did they have access to the physical server where our extranet is stored, which is protected by two-factor authentication tied to an authenticator app.
We have reviewed access logs for all of our cloud storage accounts (Google, AWS) and confirmed that no unrecognized IPs or logins were present.
To the best of our knowledge, the attack was mainly directed at my personal accounts and information, not Magnetik (unfortunately for me…).
How to contact us now
We immediately instituted a backup domain (magnetik.nyc) to use for email and account access, and proceeded to reset/update any accounts that used magnetik.com email addresses. If in doubt, call the office at 212-244-2048 and connect with me or anyone on the team.
Magnetik employees can now safely be reached at magnetik.nyc email addresses and our client site is back up with a .nyc domain.
- Be sure you are using two-factor authentication (preferably tied to an authenticator app, not a cell phone number) across all your accounts.
- Be sure your business and personal cell phone numbers have Port Validation enabled (call your cell phone provider and ask for this today. If you are on T-Mobile, call yesterday!)
- Ensure all critical passwords are stored in a secure service like 1password (this saved our butts!)
- Have a disaster plan in place – know what to do should the worst happen.
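Part of a disaster plan is noticing a domain takeover early. The attack above shows up as a handful of observable changes: the registrar transfer lock disappears, the registrar of record changes, and the nameservers or MX records start pointing somewhere new. The following added example (not part of Magnetik’s notice, and not a real lookup) compares a simplified, constructed snapshot of a domain’s registration and DNS data against an expected baseline and reports each drift. Hostnames, registrar strings and the snapshot shape are all assumptions made up for this illustration.

```python
"""Registrar-lock and DNS-drift check for the domain-hijack scenario described above.

All data here is constructed for illustration. A real monitor would populate the
snapshot from an RDAP/WHOIS lookup and DNS queries; the checks are the same.
"""
from typing import Dict, List

# Constructed baseline: what the domain's records are supposed to look like.
EXPECTED: Dict = {
    "registrar": "GoDaddy.com, LLC",
    "nameservers": {"ns1.registrar-dns.invalid", "ns2.registrar-dns.invalid"},
    "mx": {"aspmx.l.google.com"},
    # EPP status codes that should always be present on a locked domain.
    "required_locks": {"clienttransferprohibited", "clientupdateprohibited"},
}

# Constructed snapshot of a healthy domain (status strings use the spaced RDAP
# style on purpose, to show that the check normalizes both spellings).
HEALTHY: Dict = {
    "domain": "magnetik.com",
    "registrar": "GoDaddy.com, LLC",
    "status": ["client transfer prohibited", "client update prohibited"],
    "nameservers": ["NS1.registrar-dns.invalid", "ns2.registrar-dns.invalid"],
    "mx": ["aspmx.l.google.com."],
}

# Constructed snapshot after a takeover: lock removed, domain transferred out,
# DNS and mail rerouted to hosts the owner does not recognize.
HIJACKED: Dict = {
    "domain": "magnetik.com",
    "registrar": "Some Other Registrar Ltd",
    "status": ["ok"],
    "nameservers": ["ns1.unknown-dns.invalid", "ns2.unknown-dns.invalid"],
    "mx": ["mail.unknown-dns.invalid."],
}


def _norm_status(status: str) -> str:
    # "client transfer prohibited" (RDAP) and "clientTransferProhibited" (EPP)
    # are the same lock; compare them in one canonical form.
    return status.replace(" ", "").lower()


def _norm_host(host: str) -> str:
    # DNS answers often carry a trailing dot and mixed case.
    return host.rstrip(".").lower()


def check_domain(snapshot: Dict, expected: Dict) -> List[str]:
    """Return a list of drift findings; an empty list means nothing changed."""
    findings: List[str] = []

    present_locks = {_norm_status(s) for s in snapshot.get("status", [])}
    for lock in sorted(expected["required_locks"]):
        if lock not in present_locks:
            findings.append(f"LOCK_MISSING:{lock}")

    if snapshot.get("registrar") != expected["registrar"]:
        findings.append(f"REGISTRAR_CHANGED:{snapshot.get('registrar')}")

    observed_ns = {_norm_host(h) for h in snapshot.get("nameservers", [])}
    if observed_ns != {_norm_host(h) for h in expected["nameservers"]}:
        findings.append("NS_DRIFT:" + ",".join(sorted(observed_ns)))

    observed_mx = {_norm_host(h) for h in snapshot.get("mx", [])}
    if observed_mx != {_norm_host(h) for h in expected["mx"]}:
        findings.append("MX_DRIFT:" + ",".join(sorted(observed_mx)))

    return findings


if __name__ == "__main__":
    for label, snap in (("healthy", HEALTHY), ("hijacked", HIJACKED)):
        print(label, check_domain(snap, EXPECTED) or "no drift")
```

Run on a schedule against live RDAP and DNS data, any non-empty result is the moment to start the disaster plan: an MX change alone is enough to silently divert password reset emails, which is exactly how a registrar compromise turns into account compromises elsewhere.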
If you have any questions or concerns, please do not hesitate to call the office or contact me directly. We sincerely apologize for any disruption this has caused you.
Doug & The Magnetik Team