A problem as old as the Internet. There should be 2fa minimum with encryption as rest and in transit.