Friday, September 15, 2023

How Google Authenticator made one company’s network breach much, much worse



A security company is calling out a feature in Google’s authenticator app that it says made a recent internal network breach much worse.

Retool, which helps customers secure their software development platforms, made the criticism on Wednesday in a post disclosing a compromise of its customer support system. The breach gave the attackers access to the accounts of 27 customers, all in the cryptocurrency industry. The attack started when a Retool employee clicked a link in a text message purporting to come from a member of the company’s IT team.

“Dark patterns”

The text message warned that the employee would be unable to participate in the company’s open enrollment for health care coverage until an account issue was fixed. The text arrived while Retool was in the process of moving its login platform to security company Okta. (Okta itself disclosed the breach of one of its third-party customer support engineers last year and the compromise of four of its customers’ Okta superuser accounts this month, but Wednesday’s notification made no mention of either event.)


Reference : https://ift.tt/Eb9U1qh
