Forum Discussion

AnnieGrace13's avatar
12 months ago

Security Breaches

I was surprised to find out after a security breach myob couldn't see where someone login locations had happenned.

Ater having a past staff member potentially logging in on Myob for 5 months when not employed by the company under the Administrator login I would have wanted to find out which phone was used to authenticate all these logins for the past 5 months.  I spoke ot myob 4 times today and no-one could help.  Trish Barnes BAS Agent

  • Hi AnnieGrace13

     

    Thanks for posting your concern in the forum. 

     

    I understand how important security is for the file. Unfortunately, the app does not collect data on how the authentication was done for a login. This is why we recommend each user to have their own email login to the file, as soon the user in the file is inactivated, they will have no access to the file. If the person we are trying to remove from the file has their own user login details, the credentials of that login are tied to their email address. If this is the case, you could check the Journal Security Audit report to see what information they have edited in the file and when they logged in to the file. However, if the person in question does not have their own login the Journal Security Audit report will only show input based on the user login they used. 

     

    At this point, I recommend resetting the 2fa from your My Account to avoid further unwanted logins to the file.

     

    We appreciate your patience. Let us know how we can further assist. 

     

    Thanks,

    Genreve

     

     

  • Hi AnnieGrace13

     

    Thanks for posting your concern in the forum. 

     

    I understand how important security is for the file. Unfortunately, the app does not collect data on how the authentication was done for a login. This is why we recommend each user to have their own email login to the file, as soon the user in the file is inactivated, they will have no access to the file. If the person we are trying to remove from the file has their own user login details, the credentials of that login are tied to their email address. If this is the case, you could check the Journal Security Audit report to see what information they have edited in the file and when they logged in to the file. However, if the person in question does not have their own login the Journal Security Audit report will only show input based on the user login they used. 

     

    At this point, I recommend resetting the 2fa from your My Account to avoid further unwanted logins to the file.

     

    We appreciate your patience. Let us know how we can further assist. 

     

    Thanks,

    Genreve