News Post

How Google Authenticator made one company’s network breach much, much worse

Arstechnica

· 9m
placeholder-image

Security company Retool criticized Google's authenticator app for making a recent internal network breach worse. The breach resulted in attackers gaining access to the accounts of 27 customers in the cryptocurrency industry. The attack started when a Retool employee clicked on a text message link claiming to be from the company's IT team. The employee logged into the linked site and provided a password and a temporary one-time password (TOTP) from Google authenticator. The attackers then called the employee, claiming to be an IT team member, and obtained an additional multi-factor code. Retool argues that Google's recent synchronization feature for authenticator codes is highly insecure, as it allowed the attackers to compromise multiple company accounts.

View Source
No Comments yet

More Like this

RBI is planning to change the OTP you use to authenticate your transaction, here’s how

RBI is planning to change the OTP you use to authenticate your transaction, here’s how

Authentication startup FusionAuth raises $65M, its first outside round

Authentication startup FusionAuth raises $65M, its first outside round

Passwordless authentication startup SecureW2 raises $80M from Insight Partners

Passwordless authentication startup SecureW2 raises $80M from Insight Partners

WhatsApp implements ‘Passkey’ for secure iOS authentication: How it works

WhatsApp implements ‘Passkey’ for secure iOS authentication: How it works

Android 15 might soon be able to protect your two-factor authentication codes

Android 15 might soon be able to protect your two-factor authentication codes

RockClimber banks on authenticity and quality to tap into India’s beverage market

RockClimber banks on authenticity and quality to tap into India’s beverage market

Startup develops AI tool that creates multi-faceted authentication system

Startup develops AI tool that creates multi-faceted authentication system

Can Reddit—the Internet’s Greatest Authenticity Machine—Survive Its Own IPO?

Can Reddit—the Internet’s Greatest Authenticity Machine—Survive Its Own IPO?

Social commerce set to scale, but concern of authenticity looms large: Industry

Social commerce set to scale, but concern of authenticity looms large: Industry

Laced, a UK-based resale marketplace for authenticated premium sneakers, raises $12M

Laced, a UK-based resale marketplace for authenticated premium sneakers, raises $12M

Download the medial app to read full posts, comements and news.