|
January 03, 2014, 12:13:07 AM |
|
Who knows the true story, but the most obvious issue is that someone let their computer be controlled by an unknown 3rd party. This is no different than giving your password via email or over the phone.
I saw no mention of 2fa. 2fa is needed to log-in or to withdrawal or both if you check it along with changing security which is mandatory. I assume that only log-in was checked and not withdrawal? If so, that explains how the BTC-e code was generated.
Also, since there was access to the computer, I'm sure they simply opened up the email client, which was already logged in and confirmed the withdrawal.
The moral of the story is, if you don't know the general security rules of the internet, then don't get on it, especially when it comes to $.
Just curious, why would your "friend" allow someone to remote into his PC in the first place? What was this support person supposed to do anyone? Even though we know it wasn't a real support person.
BTC is gone, nothing to recover, unless somehow the confirmation email went into spam, but if there are no BTC in the account, then it's bye bye.
|