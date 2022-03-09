After the cyberattack suffered this week, Mercado Libre activated new security protocols REUTERS/Agustín Marcarián

Some 300,000 Mercado Libre and Mercado Pago accounts were allegedly hacked by a group of cybercriminals, who in recent hours claimed responsibility for the attack. The company itself, founded by Marcos Galperin, acknowledged on Monday that the data of these users was accessed through unauthorized logins. In this context, people who have digital accounts can activate an extra layer of security to the one that already exists in all digital wallets and that is set by the username and password. This is two-step verification, a mechanism that serves to add a second barrier, avoid attacks by cybercriminals and not suffer possible scams.

“We have recently detected that part of the Mercado Libre source code has been subject to unauthorized access. We have activated our security protocols and are conducting a thorough analysis,” the company said in a statement.

The attack was awarded by the Lapsus$ group, who was responsible for making the action go viral, and industry experts say that their intention is to “collect a ransom” for the stolen data. But there is also fear for the security of the platform since criminals have information that can allow them to continue carrying out new attacks and scams on users.

The association of these mechanisms raises security levels, making it possible to limit by 100% the cases of phishing. This extra step that protects our data can be activated in social networks, banking services, instant messaging, among others (Lima)

This group of hackers extorts money through ransomware, as data hijacking is called, and has already attacked other major companies. In addition, he had published a survey in which he had proposed the hacking of 24,000 MercadoLibre and MercadoPago repositories.

Lapsus$ made headlines a few days ago for another computer attack, this time against Nvidia, the world’s leading developer of integrated circuits and graphics technology processors. Nvidia was the victim of a cyber attack that compromised confidential company information. Lapsus$ took responsibility for the fact and said that it was able to extract 1 terabyte of data.

Meanwhile, Mercado Libre stated in a statement: “Although the data of approximately 300,000 users (of almost 140 million unique active users) was accessed, so far – and according to our initial analysis – we have not found any evidence that our infrastructure systems have been compromised or user passwords, account balances, investments, financial or payment card information have been obtained. On the other hand, he assured that “strict measures were taken to avoid new incidents.”

Two-step verification can be through receiving security codes on the cell phone through text messages, whats app or even through a call

The cyber attack was also confirmed to the SEC (the Securities Commission) of the United States, while the shares of the company in New York suffered a sharp drop on Monday of 9.3 percent.

What is two-step verification and how to activate it

According Paul LimaSales Director for Cono Sur of the security company VU, the second authentication factor “it is a layer of security that is added to the basic credentials such as username and password”.

In this sense, he highlighted that “The association of these mechanisms raises the security levels, allowing to limit by 100% the cases of phishing. This extra step that protects our data can be activated in social networks, banking services, instant messaging, among others”.

The leading company in technology solutions for financial services, Fiserv, highlighted the importance of protecting personal data, since identity theft with credit and debit cards grows year after year. In addition, with increasingly developed options such as smartphonesonline transfers or contactlessnew forms of fraud are also being added that companies must consider.

From Mercado Libre they advise strengthening the security of the accounts with two-step verification that can be through the reception of security codes on the cell phone through text messages, WhatsApp or even through a call

Depending on the security firm, it is important to incorporate authentication plus authorization protocols. Likewise, he emphasized the use of fraud preventive tools and solutions, such as controls of doubtful amounts, suspicious patterns, use of foreign cards for payments of local services, and card tests.

In this sense, from Mercado Libre they advise to strengthen the security of the accounts with the verification in two steps that can be through the reception of security codes on the cell phone through text messages, WhatsApp or even through a call. The option is enabled, but not required, as is the case with some banks and other platforms. There is also the possibility of authenticating the user’s identity using the “Google Authenticator” tool, which allows you to generate temporary verification codes with the Google app.

In this way, the company asks the user to activate a verification method that will be required, for example, when you access your account from an unknown device or withdraw money.

Marcos Galperin, founder, CEO and president of Mercado Libre

Meanwhile, the company reported that the method that users use to unlock the screen of their phones also serves to protect the Mercado Pago or Mercado Libre app. In this sense, he explained that if the user has an Android device, he must activate his “Fingerprint, PIN or Pattern”, while if the device is iOS, he will have to activate “Touch ID and code” or “Face ID and code” .

This allows you to keep track of the account and see the devices where users have an active session. This way, if any are unknown, they can be deleted to protect money and data.

The hacking of Mercado Libre comes at a time when an intense debate is taking place between banks and fintech over the security of the operations in which they interact, as reported by Infobae In the past week. The regulations indicate that transfers between bank and virtual accounts must be made under equal conditions. Despite this, many leading banks put caps on these money transfers.

The argument of the banks to justify the limits on the remittance of money towards the fintech is that their security systems are not solid enough and that with the caps on transfers, the illicit ones were reduced. They also explain that digital wallets do not always have a second authentication factor.

