Assailants Abused IRS PIN Two-factor Authentication

By the look of things, the IRS PIN system has been hacked again. It is not the first time this has happened, and the government institution will remove the electronic filing PIN tool from the website and their toll-free phone number. The official explanation is how the IRS noticed some additional questionable activity, which is fed-speak for “we have been taken advantage of.”

The IRS PIN system is not Very Secure

In most cases, convenience will trump security, and the IRS PIN system is no exception to this unwritten rule. It is not the first the IRS is forced to suspend this system either, as details of 800 users have been stolen earlier this year. Events took place during March of 2016, and despite the security incident, the IRS told users to file tax returns as they would otherwise.

Similar to how most the PIN systems work in the world, every code should be unique, special, and secure. In a way, this PIN code is used as a form of two-factor authentication, adding an extra layer of security to user logins. Most countries around the world have employed a similar system throughout the years.

It remains unclear as to how this PIN system, was abused this time, though. Codes are issued to users randomly, albeit they must be stored in some database controlled by the IRS. Whether this centralized database was hacked, or somebody used social engineering to obtain sensitive data, remains anybody’s guess for now.

The IRS uses these PIN codes to add a layer of security to tax returns as well. Considering how tax return fraud is a grave threat to enterprises in the US, it looks like individuals are on the brink of being victimized as well. These PIN codes replaced the social security numbers, which were used previously to prevent tax return fraud.

Luckily, the IRS had initially planned to pull the PIN system later this year. It looks like this process will be sped up, though, albeit it remains to be seen which security measure will take its place. Hopefully, they will not revert to using SSNs, as that would do more harm than good at this stage.

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.