Moreover, every question asked by BTC Markets is available in my registered email account which could have been hacked.
Yes, now you're starting to think. That's a good argument. This is an issue. Big issue.
In addition, 2 responses received from the imposter, i.e. "Street Type" and "Account balance", were incorrect, but BTC Markets still disabled 2FA of my account.
I know, I realised that the other day when I re-read your initial post for some clues. I had failed to pick it up because I was skimming. But also because that was your best argument, but you had it tucked away in the middle of your post and never brought it up again. I was going to edit my post to apologise for missing that, but the edit button disappeared. Regardless, everything I said is still true regardless of this. Had I not made that error, I would not have been so suspicious of their conduct.
Add that argument to your complaint. Now it's starting to sound like you know that BTC Markets is very sloppy. If I were them, I'd start to take you more seriously.
BTC Markets should perform 100% verification of the account in addition to seeking a police case number for the lost phone.
No. The verification protocol shouldn't be adjusted based upon what a stranger claims did or did not happen.
1. That would be so impractical that it is unreasonable to expect them to do that. What is a reasonable measure? The Privacy Act doesn't specify, as it may vary from industry to industry.
More importantly:
2. It means that social engineering can be used to exploit their authentication protocol: in my case, I just lost my 2FA PIN by flashing my phone. What proof do I provide? None. Which means that a hacker could just as easily have said
"I lost my 2FA PIN in a manner that just so happens to require the least evidence from me"
Here's another one that you wanna look at:
Do you allow VPNs?
We do not specifically disallow the use of VPNs however the use of a VPN can cause delays in our identity verification systems as well as the processing of deposits and withdrawals. Due to these potential issues we recommend not using a VPN while accessing your BTC Markets account.
What do you reckon? Did your hacker use TOR or a VPN? If so, I wonder what failsafes were in place?
I am very keen to understand 2FA or infosec theory from you.
No. You're going to teach yourself, and get back to me if you need to refine your understanding with questions. You will know that you understand an idea if you can explain it to someone else without using big words. When you think you understand it, I will get you to explain it to me.
Or, if you've hit a wall to understanding it, ask me and I will point you further.
PS. If your first question is
What is 2FA? Well, then my brain may just explode.