Software Giant Retool Announces Customer Account Breach After Targeted Social Engineering Attack

Software firm Retool says the accounts of nearly 27 cloud customers were breached after a targeted social engineering attack.

The platform is used to build business software by firms ranging from startups to some of the biggest companies, such as Mercedes-Benz, Lyft, Amazon, and NBC. Regarding this attack, the head of the organization explained that all of the hacked accounts belonged to customers in the crypto sector.

The breach took place toward the end of August, with attackers bypassing several security controls and using SMS phishing and other tactics to take over Okta accounts used by IT.

The attack used URLs that impersonated internal portals and was launched when a migration of Okta logins was announced. The report also detailed how most workers ignored the phishing text they received, but one of them accidentally clicked on it. The text contained a phishing link that led to a fake login portal, which included a form for multi-factor authentication.

After that login, the attacker mimicked the worker's voice and called IT team members. This tricked them into providing more MFA codes, which allowed attacker-controlled devices to be added to the targeted account.

Retool is now placing the blame on Google because of its Authenticator sync feature.

The company attributes the success of the hack to a new feature in the tool that lets users sync their 2FA codes with their Google account.

The feature had been requested for a long time, and people can now use their Google Authenticator 2FA codes on multiple devices, provided that the devices are all signed in to the same account.

But Retool claims that much of the breach comes down to this feature: once attackers successfully phished a worker's Google account, they also obtained the 2FA codes allotted for specific services.

The company says that with this, the attackers gained access to VPNs, and that meant entry into internal admin systems.

As a result, they took over accounts in targeted attacks on a specific set of customers from the crypto industry. After the takeover, the attacker also compromised a few of the apps along the way.

So Retool did have MFA enabled, but it holds Google Authenticator responsible: because the authentication codes were synced to the cloud, MFA was effectively reduced to single-factor authentication (SFA). In the end, it came down to the attackers obtaining the OTPs stored through Google Authenticator's sync feature.

The company is advising Google to fix the drawbacks in its Authenticator app, including how it saves MFA codes to the cloud. Moreover, it provides firms with the chance to disable it as they see fit.

If you have this feature enabled, you may wish to turn it off by tapping at the top right-hand side and selecting the ‘Use Authenticator without account’ option. That signs you out completely and deletes the synchronized 2FA codes from your Google account.

Despite the claims, a Google spokesperson says the company has always kept its users' safety online as its top priority. Whether for a single user or a big organization, it is always working to improve its authentication technology. This includes the much-talked-about passkey feature, which is hailed for warding off phishing attacks.

