IMPORTANT NOTICE: Unusual Reckon Accounts Hosted activity detected
Please be advised that we have recently identified a number of suspicious login attempts on the Reckon Accounts Hosted login page. These attempted logins occurred from the 27th of December to the 9th of January 2023 and were using randomly generated UserID and Password combinations.
As soon as the irregular activity was detected, we took action to block these attempts and started an immediate investigation.
Based on all the information we currently have, we believe that there were no successful logins, and no client data was compromised.
While our investigation is not yet complete, and it has taken until today to get a better sense of what happened, we wanted our customers to be aware of what has happened as soon as possible so they can ensure they are vigilant about the security of their data.
What you can do:
- Ensure you have a robust password or passphrase set on your Reckon Hosted User account. For more information on passphrases click here. For information on changing your Reckon Accounts Hosted User password click here.
- Create unique, complex passwords on each of your QBW data files. For information on how to set up users and passwords on your QBW file, log into your data file and open the Passwords: Adding Help File.
- Contact Reckon if you have noticed any unusual activity within your Reckon Accounts Hosted account or Reckon Accounts company file(s) since the 27th of December.
What Reckon are doing:
- We have taken immediate steps to block the attempted logins.
- We will be making improvements to the way Reckon Accounts Hosted passwords are handled in the immediate future.
- We will continue to enhance and improve the overall security and monitoring of the Reckon Accounts Hosted environment.
- We are continuing our investigation and will notify and work with the relevant authorities where required.
Further updates will be made in this thread as they come to hand and if you have any questions please feel free to reply below.
Comments
-
I have received 2 emails today from Reckon regarding these login attempts. One says my User ID was used and one doesn't state that it was. As several clients use my email address for Reckon communications, how do I determine which User ID was used?
-
I was another who received a similar email, stating that access attempts had been made using my User ID. One wonders how somebody could get hold of my User ID. Then I recalled that five weeks ago, I became aware that a data breach had occurred at the ATO and MyGov and that data was being sold on the black market. So it is possible that my MyGov details were obtained from this source, because that is the same way that I process STP lodgments. The following information was reported as having come from ABC News on 28/11/2022:
"MyGov and ATO services are built with two-factor authentication, which protects accounts with compromised usernames and passwords, but those same login details could be used as a means to bypass less-secure services."
An obvious less secure service has the potential to be Reckon Hosted (there is no two-factor authentication involved with a login), although Reckon apparently have means to detect any such attempts. So, I decided to immediately change my password details.
A short while later, I did receive an email from Reckon, signed by Sam Allert, Managing Director, stating that my password had been changed. What did greatly concern me about this, though, was that this email also decided to detail what my new password was. My opinion is that using an email to quote back to me my new password is not a very secure method of doing so, unless of course that email was encrypted. I have nothing to support a contention that this email was other than something which could be easily intercepted and read by somebody who should not be seeing it. Are you able to comment about this, please, Rav? John L G
-
What do I need to do to make sure that my file is not accessible to the current attack?
Is it possible to put dual authentication into place, as I have with myGov etc.?
-
Apologies for my delay in getting back to you both.
I believe Andrew from our Partner team has already been in touch for a chat just to clarify what happened there. Apologies for the confusion those multiple emails caused.
I was another who received a similar email, stating that access attempts had been made using my User ID. One wonders how somebody could get hold of my User ID.
Our investigations are continuing into this; however, from what we understand so far, the attempts were made using random combination attempts, i.e. multiple randomised attempts as opposed to specific information being obtained.
What did greatly concern me about this though, was that this email also decided to detail what my new password was. My opinion is that using an email to quote back to me my new password, is not a very secure method of doing so, unless of course, that email was encrypted.
In regard to the above, it's a good point you make, and to that end I'm happy to advise there has been active development work in this area just prior to Christmas which we're aiming to roll out to Reckon Accounts Hosted very soon to both enhance and tighten the password reset process.
Andrew will also be giving you a buzz later this afternoon for a chat as well.
-
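As an added illustration of the point John L G raises above (this is not Reckon's code and not a description of what Reckon is building): a password-reset flow in which the email carries only a short-lived, single-use link and the new password is never placed in a message at all. The service class, the reset URL, the 15-minute lifetime and the PBKDF2 parameters are assumptions made for the example.

```python
"""Password-reset flow that never puts a password in an email.

Added example, not Reckon's code. The store, endpoint URL and parameters are
assumptions; a real deployment would also rate-limit the reset endpoint and
keep the raw token out of server logs.
"""
import hashlib
import hmac
import os
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60     # assumed: a reset link is valid for 15 minutes
PBKDF2_ITERATIONS = 600_000     # assumed: PBKDF2-HMAC-SHA256 work factor
RESET_URL = "https://hosted.example.invalid/reset"   # hypothetical endpoint


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _hash_token(token):
    # Only a hash of the token is stored: a leaked table must not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class PasswordResetService:
    def __init__(self):
        self._pending = {}     # token hash -> {"user": str, "expires": float, "used": bool}
        self._passwords = {}   # user -> (salt, pbkdf2 hash)

    def issue_token(self, user, now=None):
        """Create an unguessable token; the raw value goes to the user only."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)        # 256 bits of randomness
        self._pending[_hash_token(token)] = {
            "user": user, "expires": now + TOKEN_TTL_SECONDS, "used": False}
        return token

    def compose_email(self, user, token):
        """The message carries a link only; no password ever appears in email."""
        return (f"Hello {user},\n\nTo choose a new password, open this link within "
                f"{TOKEN_TTL_SECONDS // 60} minutes:\n{RESET_URL}?token={token}\n\n"
                "If you did not request this, ignore this message.\n")

    def redeem(self, token, new_password, now=None):
        """Set a new password only if the token is known, unexpired and unused."""
        now = time.time() if now is None else now
        rec = self._pending.get(_hash_token(token))
        if rec is None or rec["used"] or now > rec["expires"]:
            return False
        rec["used"] = True                       # single use, even when still in time
        salt = os.urandom(16)
        self._passwords[rec["user"]] = (salt, _hash_password(new_password, salt))
        return True

    def verify_password(self, user, password):
        stored = self._passwords.get(user)
        if stored is None:
            return False
        salt, expected = stored
        return hmac.compare_digest(_hash_password(password, salt), expected)


def demo(now=1_672_531_200.0):
    """Walk the flow with a constructed clock value (2023-01-01T00:00:00Z)."""
    svc = PasswordResetService()
    token = svc.issue_token("acme_bookkeeper", now=now)      # constructed user ID
    email = svc.compose_email("acme_bookkeeper", token)
    first = svc.redeem(token, "correct horse battery staple", now=now + 60)
    replay = svc.redeem(token, "attacker-chosen", now=now + 61)   # rejected: already used
    late = svc.redeem(svc.issue_token("other", now=now), "x",
                      now=now + TOKEN_TTL_SECONDS + 1)             # rejected: expired
    return {
        "password_in_email": "correct horse battery staple" in email,
        "first": first, "replay": replay, "late": late,
        "login_ok": svc.verify_password("acme_bookkeeper", "correct horse battery staple"),
        "login_bad": svc.verify_password("acme_bookkeeper", "attacker-chosen"),
    }


if __name__ == "__main__":
    print(demo())
```

The two properties that address the concern in the comment are that the email body contains a link and nothing secret beyond a token that dies after one use or 15 minutes, and that the server never holds the raw token or the password in recoverable form.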
📢 UPDATE - 8 January 📢
Hi everyone
If you're logging into Reckon Accounts Hosted today you may notice you're landing on a Human Verification authentication page prior to reaching the usual Reckon Accounts Hosted login screen.
We've introduced this to the login process as an added security measure for our Reckon Accounts Hosted users while our investigation into the unusual login activity continues.
The verification page will ask you to perform a quick and easy authentication task such as solving a simple shape puzzle using the slider on-screen or placing a dot to complete the path, check out the screen recording below for examples.
Once you have successfully completed the verification you will be taken to the regular Reckon Accounts Hosted login screen for you to login as normal and access your file.
If you have any questions please reply with a comment below and we're more than happy to assist.
____________________________________________________
Update - 8 Jan 3:18pm
Just a further update to the post above regarding the 'Human Verification' authentication. This step is now targeted and should not appear for most users.
We are continuing to perform investigative work into this and further information will be posted to this thread as soon as possible.
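As an added example covering both the announcement above (randomly generated UserID and password combinations that were blocked) and the targeted human-verification step in this update (this is not Reckon's code and not a description of how Reckon's blocking or verification actually works): detection logic run over a few constructed auth-log lines that separates randomised credential spraying from one account being hammered or a user mistyping, assigns a response of block, challenge or allow per source, and records any login that succeeded from a source after it was flagged, which is the check behind a statement that there were no successful logins. The log format, the 10-minute window and the thresholds are assumptions.

```python
"""Spot randomised-credential login attempts in an auth log and pick a response.

Added illustration, not Reckon's code. Log format, window and thresholds are
assumptions chosen for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)   # assumed sliding window per source IP
SPRAY_DISTINCT_USERS = 8         # assumed: this many different IDs failing from one IP
BRUTE_FORCE_FAILS = 5            # assumed: this many failures against one or two IDs
RANK = {"allow": 0, "challenge": 1, "block": 2}

# Constructed sample lines (not real Reckon logs). Assumed format:
# <ISO-8601 UTC timestamp> <source IP> <user ID> <OK|FAIL>
SAMPLE_LOG = """\
2022-12-27T02:14:01Z 203.0.113.10 q7xk29z FAIL
2022-12-27T02:14:02Z 203.0.113.10 mm0pa1t FAIL
2022-12-27T02:14:02Z 203.0.113.10 zz91kd4 FAIL
2022-12-27T02:14:03Z 203.0.113.10 a8b7c6d FAIL
2022-12-27T02:14:04Z 203.0.113.10 r4nd0mu FAIL
2022-12-27T02:14:05Z 203.0.113.10 hh2jk8l FAIL
2022-12-27T02:14:06Z 203.0.113.10 p0o9i8u FAIL
2022-12-27T02:14:07Z 203.0.113.10 w3e4r5t FAIL
2022-12-27T02:14:08Z 203.0.113.10 y6u7i8o FAIL
2022-12-27T02:14:09Z 203.0.113.10 l1k2j3h FAIL
2022-12-27T02:14:10Z 203.0.113.10 g4f5d6s FAIL
2022-12-27T02:14:11Z 203.0.113.10 acme_bookkeeper OK
2022-12-27T09:01:00Z 198.51.100.7 acme_bookkeeper FAIL
2022-12-27T09:01:20Z 198.51.100.7 acme_bookkeeper FAIL
2022-12-27T09:01:45Z 198.51.100.7 acme_bookkeeper OK
2022-12-27T09:05:00Z 192.0.2.55 smithco FAIL
2022-12-27T09:05:30Z 192.0.2.55 smithco FAIL
2022-12-27T09:06:00Z 192.0.2.55 smithco FAIL
2022-12-27T09:06:30Z 192.0.2.55 smithco FAIL
2022-12-27T09:07:00Z 192.0.2.55 smithco FAIL
2022-12-27T09:07:30Z 192.0.2.55 smithco FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Parse log text into (timestamp, ip, user, succeeded) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group(2), m.group(3), m.group(4) == "OK"))
    return events


def classify_sources(events):
    """Per-IP verdicts: 'block' when many distinct IDs fail inside the window
    (randomised spraying), 'challenge' (a step-up such as a human-verification
    page) when a few IDs fail repeatedly, else 'allow'. Verdicts only escalate.
    Successful logins from an already-flagged IP are kept separately, since those
    are what an investigation must rule out."""
    recent_fails = defaultdict(deque)       # ip -> deque of (ts, user) inside WINDOW
    stats = {}
    for ts, ip, user, ok in sorted(events):
        s = stats.setdefault(ip, {"verdict": "allow", "failures": 0,
                                  "distinct_users": 0, "successes_after_flag": []})
        window = recent_fails[ip]
        while window and ts - window[0][0] > WINDOW:
            window.popleft()
        if ok:
            if s["verdict"] != "allow":
                s["successes_after_flag"].append(user)
            continue
        window.append((ts, user))
        s["failures"] += 1                   # total failures seen for this source
        distinct = len({u for _, u in window})
        s["distinct_users"] = max(s["distinct_users"], distinct)
        if distinct >= SPRAY_DISTINCT_USERS:
            verdict = "block"
        elif len(window) >= BRUTE_FORCE_FAILS and distinct <= 2:
            verdict = "challenge"
        else:
            verdict = "allow"
        if RANK[verdict] > RANK[s["verdict"]]:
            s["verdict"] = verdict
    return stats


if __name__ == "__main__":
    for ip, s in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, s)
```

On the constructed input the first source is blocked for cycling through eleven different IDs in ten seconds, and the one success it then obtains is surfaced for follow-up; the second source is a user who mistyped twice and is left alone; the third is repeated failures on a single ID and is sent to a challenge rather than blocked outright, which is the kind of targeting the 3:18pm update describes.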