Why Two-Factor Authentication (2FA) is Essential: Lessons from a First-hand Walmart Account Hack

At Infiniwiz, we understand how imperative Two-Factor Authentication (2FA) is in safeguarding users’ sensitive information. While we employ multiple layers of security, it is important to note that 2FA is the last line of defense in protecting against data breaches as well as unauthorized access from malicious con artists.

Recently, one of my friends had their Walmart account hacked. The con artist attempted to purchase an item using the account. However, thankfully, Chase Bank blocked the transaction.

My friend discovered that Walmart did not offer 2FA when a user logs into their account. Without 2FA, the account was susceptible to an attack where the hacker was able to gain access. If Walmart had 2FA enabled, the hacker would need to provide a second factor of authentication after entering the correct email and password combination. This could include entering a code sent to the owner's phone or email, or generated by a 2FA app. Without access to the second factor, the hacker would be unable to access the account.

This situation highlights why 2FA is essential for secure online accounts. Passwords alone are often easy to guess or crack. Also, many people use the same password across multiple accounts.

I had the opportunity to speak to my friend about the issue:

Q: Can you walk me through what happened when you realized your Walmart account had been hacked?

A: My bank notified me that there was a suspicious transaction on my Walmart account. When I logged in, I saw that someone had attempted to purchase an item I had never ordered.

 

Q: Did you have a strong, unique password for your Walmart account?

A: I wouldn't say a strong, unique password, but it's strong enough that I've never had issues, but I also use 2FA everywhere it's available. And now starting to switch to more randomized passwords.

 

Q: What led you to set up a passwordless sign-in for your Walmart account, and how did this change come about?

A: Prior to the incident, I was simply logging in using a password. However, following the incident, I ended up setting up a passwordless sign-in, which is one of Walmart's sign-in alternatives, that emailed a code rather than requiring a password.

 

Q: Did you have any suspicions that your account had been compromised before the hacker attempted to make a purchase?

A: No, I had no clue until I received the Chase email.

 

Q: Did the hacker access your personal information, such as your name, address, or credit card information?

A: The hacker may have accessed my name and address but not my credit card information.

 

This is only one situation that shows why 2FA is imperative for users. In addition to 2FA, there are several other security measures that you should consider to protect your online accounts, such as using strong, unique passwords and regularly monitoring your accounts for suspicious activity.

Overall, this experience highlights the importance of 2FA for securing online accounts. As an MSP, we encourage all our clients to implement 2FA wherever possible and to take additional security measures to protect their sensitive information. If you have any questions, feel free to contact us!