![]() Retool called for Google to address the cloud-saving behavior of Google Authenticator or provide organizations with the ability to disable it. This feature facilitated access to all 2FA codes used for internal services after an attacker compromised an employee's Google account, inadvertently shifting from multi-factor to single-factor authentication. ![]() The success of this hack was attributed to a new feature in Google Authenticator that enabled users to synchronize their two-factor authentication (2FA) codes with their Google accounts. This breach allowed the attacker to add a controlled device to the victim's Okta account. The attacker then deepfaked an employee's voice and manipulated them into providing an additional MFA code. While most employees ignored the phishing attempt, one unfortunate click led to a fake login portal with multi-factor authentication (MFA) forms. These attackers exploited a URL that mimicked Retool's internal identity portal, taking advantage of a scheduled migration of logins to Okta. The breach transpired on August 27, involving attackers bypassing multiple security controls through SMS phishing and social engineering to compromise an IT employee's () account. Notably, all the compromised accounts were linked to the cryptocurrency industry. Their platform is widely used by businesses, including () Retool, a software company, discloses around 27 of its cloud customers have been victimized by a targeted and multi-stage social engineering attack. Vulnerability Cryptocurrency Google Authenticator synchronization feature blamed for the data breach on Retoo.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |