Cloudflare Reports Credential Theft After Employee Smishing Attack

Attackers managed to steal usernames and passwords from Cloudflare employees through a phishing attack and then tried to log into the internet company’s systems. Because Cloudflare requires the use of a physical security key for all employees as two-factor authentication, the attackers were not allowed access, the company said in a blog post.he attack on Cloudflare used text messaging. The messages linked to a phishing site. Three Cloudflare employees entered their login details there. The data obtained was used to attempt to login to Cloudflare systems. Since the attackers did not have the required physical security key, they were not allowed access, Cloudflare said. The smishing website in question was not only set up to steal login credentials from employees, but also tried to install the remote administration software AnyDesk. This would have allowed the attackers to take over systems of the employees in question remotely, but that was not the case, Cloudflare said. Following the incident, Cloudflare reset the passwords of affected employees and took the attackers’ infrastructure offline together with hosting provider Digital Ocean. Furthermore, according to the internet company, the attack shows how important the use of physical security keys is. Cloudflare claims that no successful phishing attack has occurred since the introduction of such keys.