Which, btw, is optional, and which can be disabled for Google Workspace users by the admin.Īs if the outcome would have been any different if Retool were using MS365 instead of Google Workspace, since Microsoft Authenticator also syncs its keys with the owner's MS365 account. So we have an employee who's a complete idiot, working for a company which exists to "help customers secure their software development platforms" yet doesn't teach its employees basic security hygiene (which makes this even more scary), and since the attackers were able to extract login details for other accounts (which I assume were synced in Google's password manager) it seems the optional sync password that adds another layer to protect stored passwords hasn't even been set (which would have prevented the attackers being able to access stored passwords, but then an employee who helps random people to sync a new 2FA device to his company account would probably just have told the attackers the sync password when asked).īut, somehow, this complete failure on basic security on all levels, is supposed to be not the fault of the idiots from Retool but the sync feature of Google Authenticator. And now, being in possession of the employee's login details and a working 2FA device on their own, the hackers then extracted login details for all other accounts that employee had access to. Its a cloud-based manager that automatically stores a secure backup of your 2FA codes on its servers. The attackers then called the very same employee and convinced them to give them the registration token to register an additional 2FA device for the employee's account. Authy may be the simplest and most straightforward option for most people. ![]() ![]() So someone was able to phish user name, password and an TOTP token from an employee of Retool, and used the credentials to log into that employee's Google Workspace account.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |