Recent incidents at The Kingdom Bank have raised user awareness regarding security. A client firm reported losing over €93,000 in cryptocurrency due to a breach.
Discovery of Breach and Client Reaction
The breach began with the compromise of the email associated with the firm's account, allowing the intruder to reset the password and gain access. Despite having two-factor authentication enabled via Google Authenticator, actions such as password resets and fund transfers were conducted without verification. A representative from the affected party stated:
> “It was shocking to discover that Kingdom Bank’s advertised 2FA was not enforced for high-risk actions.”
Delayed Response and Denial of Responsibility
The firm promptly reported the breach through Kingdom Bank’s live chat system, but the bank did not respond until two days later. In a formal letter, the bank denied responsibility, citing the external email compromise and the fact that the breach occurred outside normal business hours. The letter concluded:
> “This constitutes our final decision in this matter. No further claims or correspondence will be entertained.”
Findings and Recommendations for Users
After the incident, the client conducted an investigation and confirmed that even post-breach actions did not require 2FA codes for sensitive operations. This raises concerns about the security architecture of The Kingdom Bank. Clients are now urged to review their security implementations. Actions requiring 2FA include:
* Password resets
* Adding users
* Transferring cryptocurrency
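The following is an added example, not code from the article or from The Kingdom Bank: a sketch of a server-side gate that demands a fresh TOTP code (RFC 6238, the scheme Google Authenticator generates) for the three actions listed above, even when the caller already holds a valid session or an email reset link. The function names, action identifiers, user record layout and sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Hypothetical action identifiers for the operations the article lists.
HIGH_RISK_ACTIONS = {"password_reset", "add_user", "transfer_crypto"}

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(user, code, now, window=1):
    """Accept the current 30 s step or +/- `window` steps; reject replays."""
    if not isinstance(code, str) or not (code.isascii() and code.isdigit()):
        return False
    for drift in range(-window, window + 1):
        step_no = int(now) // 30 + drift
        if step_no < 0:
            continue
        expected = totp(user["totp_secret"], step_no * 30)
        if hmac.compare_digest(expected, code):
            if step_no <= user.get("last_totp_step", -1):
                return False  # this code (or a newer one) was already used
            user["last_totp_step"] = step_no
            return True
    return False

def authorize(user, action, code, now):
    """Gate an action. A session or an email reset link alone is never
    sufficient for a high-risk action; a valid TOTP code is required."""
    if action not in HIGH_RISK_ACTIONS:
        return True
    if not user.get("totp_secret"):
        return False  # assumption: high-risk actions need enrolled 2FA
    return verify_totp(user, code, now)

# Constructed sample: the RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()
```

With a gate like this placed in front of the password-reset handler, control of the account's mailbox alone does not complete a reset or a transfer.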
The incident at The Kingdom Bank highlights the need for stringent security measures, particularly in digital banking. The affected client firm continues to advocate for improved security standards to protect clients from potential financial losses.