Multifactor Authentication

Backup in the cloud of Google Authenticator means loosing control

Two-factor authentication (2FA) is widely recommended for security, but the devil is in the details. Google recently faced issues with their Google Authenticator app, causing concern in the security community.Authenticator apps like Google Authenticator, Microsoft Authenticator, and Authy generate time-dependent six-digit numbers based on a secret key. This system, known as time-based one-time passwords (TOTP), […]

Data Breaches Multifactor Authentication Password management Security
LastPass customer

LastPass customer: time to change passwords

The hacker copied information from backup that contained basic LastPass customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the […]

Data Breaches Multifactor Authentication Password management
Gemini leaks private data

Crypto exchange Gemini leaks private data of 5.3 million users

The American crypto exchange Gemini leaks private data of 5.3 million users, which is subsequently being used for targeted phishing attacks. It concerns e-mail addresses and partial telephone numbers. According to Gemini, the data was stolen from an unnamed “third-party” supplier. No further details about the data breach have been provided. Gemini does advise users […]

Multifactor Authentication Password Management Security

Gambling platform DraftKings theft of $300,000 via credential stuffing

Online gambling platform DraftKings has been hit by a credential stuffing attack in which attackers managed to break into users’ accounts and steal some $300,000. Credential stuffing uses previously leaked email addresses and passwords to gain automated account access. Attackers check whether they can also log in to website B with credentials stolen from website […]

Hack Multifactor Authentication Password Management Phishing

Cisco hacked by password storage in the browser and MFA fatique

Cisco confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee’s personal Google account that contained passwords synced from their web browser.“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account” “The user had enabled password […]