Share this content

Xero account hacked

Happened to anyone else?

Didn't find your answer?

A client's Xer oaccount was hacked in the very early ours of Friday morning & emails sent to all clients chasing payment and informing them of new bank details. We don't think that any money was actually paid over, so that's good. The Assurance dashboard shows that no users logged in between Thursday noon and Friday noon. 

Client is contacting Xero, but has anyone heard of this happening before?

Replies (9)

Please login or register to join the discussion.

By Duggimon
10th Jun 2019 10:35

How do you know it was the Xero account that was hacked if there's no login activity and the evidence is all in the form of emails?

Thanks (0)
Replying to Duggimon:
By atleastisoundknowledgable...
10th Jun 2019 10:59

Somehow the client has got a screen that shows the IP address & time of all logins to their Xero account. I didn't know that that was a thing, but apparently so.

Thanks (0)
By MissAccounting
10th Jun 2019 10:48

Something doesnt sound correct here but its one of the downsides to any cloud software. Make sure you have strong passwords and 2FA.

Thanks (1)
Replying to MissAccounting:
By atleastisoundknowledgable...
10th Jun 2019 11:00

Good idea, I shall advise this.

Thanks (0)
By Mr_awol
10th Jun 2019 12:11

If there are no registered logins then it doesn't sound like the client's account with Xero has been hacked to instigate these emails. That leaves me with two possible assumptions. Either:
1) The client's email account has been hacked and Xer0-looking reminders sent to all contacts.
2) Xero itself was hacked and these items were sent without anyone logging in as client (in which case no strength password or 2fa would have made any difference)

I doubt it is option 2 - we'd have heard more about it, I'm sure.

Thanks (0)
Locutus of Borg
By Locutus
10th Jun 2019 14:02

If no users logged into Xero over the period that you believe the "hack" took place, it seems more likely that another part of your client's own computer system was actually hacked, such as their own computer / server / e-mail account.

Thanks (1)
By johnt27
10th Jun 2019 16:34

Never happened to any of our clients and as others have pointed out having 2FA enabled will minimise the risk and it sounds more like an email hack. Assurance dashboard would pick up any login and activity.

In addition Xero have some decent tools around IP tracing and tend to prevent logins from unfamiliar IP's. It doesn't mean it can't be fooled but we've had, on occasion, issues with clients not being able to login when occasionally logging in from home or coming into our offices for training, for example.

Thanks (0)
Elliott Chandler Picture
By elliottchandler
10th Jun 2019 18:31

Even with strong passwords online accounts can still be compromised. The key to keeping them secure is second factor authentication or multi-factor authentication. In addition some SaaS apps will provide restrictions based on location. I know this is the case with Office 365 but not sure on Xero.

Thanks (0)
By johnhemming
10th Jun 2019 18:50

Look at the email headers (the hidden ones that you tend to get only by looking at properties or the email source)

They will say which servers were used to send the email (at least to some extent).

Thanks (0)
Share this content