Friday Jun 22nd 2018
Warning: EDCON Registration Website Hacked

By Jim Manning, Writer, ETHNews.com

The registration website for Ethereum development conference EDCON was hacked, compromising names, emails, and phone numbers.

EDCON, the Ethereum European Development Conference, is being held in Paris from February 17-18, 2017. The event, organized by LinkTime (a startup developing on Ethereum), will cover Ethereum’s base-layer technology, privacy, Dapps, current research regarding Proof-of-Stake and scalability, the growing Ethereum community, and more.

According to a reddit post by LinkTime CEO Pandia Jiang, the EDCON registration website was hacked. The hacker, who went by the alias The DAO Hacker, posted all of the stolen information online. Due to the unsecured nature of the registration website (a major oversight) the hacker was able to access the names, email addresses, and phone numbers of registrants. Pandia Jiang’s post reads:

“Hello everyone, I am the LinkTime CEO, Pandia Jiang.

The EDCON registration website was hacked recently, leading to names, email addresses and phone numbers being leaked. I wanted to clarify a few things about the EDCON registration website hack.

  1. First, we are very sorry for any troubles caused to anyone participating at the conference because of us not taking sufficiently complete security measures on our website to prevent the hack. We hope people affected can take any necessary measures to protect their information.
  2. Any issues have nothing to do with Vitalik or the Ethereum development team or Ethereum technology.
  3. We are trying out [sic] best to help Ethereum grow and support the community, and even if we make mistakes we hope that our community will continue to work hard and push forward; we look forward to Ethereum's contiuing [sic] success.
  4. We have already handled the present security issues with the website, everyone please stay calm.
  5. We thank the hacker for their interest and suggestions; we will continue to work hard and improve. Thank you.

In the end, We wish everyone a happy Valentine's day.

Pandia”

Jiang is being upfront about what happened, and making sure to point the blame away from Ethereum. The hacker seems to have done this simply because they could. When they dumped the info online, the hacker mentioned they “choose to publicly disclose everything, instead of ransom, racketeering, phishing users or organizers.” Except what they did is just as bad, as they effectively doxxed every registered EDCON attendee – releasing a fair amount of their identifying information to the public.

As a warning to anyone who registered for EDCON, it’s recommended you turn off phone-number-based two-factor authentication (2FA) on all your accounts. An attacker can hijack your phone number by using your compromised information to convince your phone company's customer service that they're you (which is apparently quite easy and a major security flaw). Then, using 2FA, they can reset the passwords to your accounts: the confirmation code is sent to your phone number, and you won’t see it because the attacker now controls that number.

When there’s a chance your information has been leaked, there are some common precautionary steps worth taking. Remove your phone number as 2FA from your accounts, and change all your passwords. This is also a good time to rethink the strength of your passwords. If you’re still interested in using a form of two-factor authentication, then it’s recommended you use Google Authenticator.

Authenticator is an app built just for authentication that’s more secure than an SMS text messaged code. Because it’s an app, not only would an attacker need your phone number, they’d also need your actual device to proceed with 2FA. This is different from just Google 2-Step Verification, which simply uses your password and your phone number. Google Authenticator adds another layer of security to 2FA by generating verification codes on your mobile device, all without a data connection. So in addition to your password, you’d need a Google Authenticator generated code to access an account. Since the code is generated offline, it offers protection against any sort of man-in-the-middle attack.

Social engineering is becoming popular as a way to hack through people, instead of through machines. Something as simple as a compromised phone number can lead to a person losing access to all of their accounts. Two-factor authentication is intended to increase security, but sometimes has the opposite effect. Remain aware of this fact, and make sure you’re following best practices to secure your accounts and crypto-assets.

ETHNews will be actively following this story for potential updates.

Jim Manning

Jim Manning lives in Los Angeles and has been writing for websites for over five years, with a particular interest in tech and science. His interest in blockchain technology and cryptocurrency stems from his belief that it is the way of the future. Jim is a guest writer for ETHNews. His views and opinions do not necessarily constitute the views and opinions of ETHNews.
