Skip to content
February 6, 2023
  • +91 951 380 5401
  • [email protected]
  • Instagram
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
news4-logo-news4hacker

cyber-security-diploma-course
Primary Menu news4-logo-news4hacker

  • Home
  • News
  • Latest News
  • Walkthrough
  • Jobs And Internships
  • Tutorial
  • Contact Us
  • Home
  • Latest News
  • The number of companies caught up in recent hacks keeps growing
  • cyber attacks
  • Data Breach
  • hacking
  • Hacking Tools
  • Latest Hacking Tools
  • Latest News
  • news
  • Phishing Attack

The number of companies caught up in recent hacks keeps growing

August 28, 2022 Deepti Maan
The number of companies caught up in recent hacks keeps growing1
Post Views: 63

“Authy, LastPass, and DoorDash became a victim of a cyber attack, recently”

We know that the patched security hacks are just temporary, and can be the victim again when there is a way for that with Cybercriminals. Attackers always stay active to get the chance for exploiting vulnerabilities in any organization’s system or software.

A long ago, you heard about Twilio becoming the victim of an adversary’s attack and that was vicious of them to get the best out of tactics to snap Twilio into the whirlpool of traps. Twilio users were relieved when they got the patch and the data was safe until now.

Now! What again? Did something happen to Twilio again? Yeah! Not only Twilio but other companies were also the victim of the familiar threat. So, what’s this threat, and how does it happen to make its way into the database of these companies? Let’s talk about this.

Last Week, Twilio

Disclosed that it was breached by strong and resourced phishers. These people used their access to breach 163 customers’ data.

Security firm Group-IB,

It faced a similar threat incident when Twilio was having issues with data access due to a phishing attack. A total number of at least 136 companies were in similar advanced attacks.

Three Companies

  • Twilio-owned Authy
  • Password Manager LastPass,
  • Food Delivery Network DoorDash

These three companies in recent days were caught in an incident that related to data breaches. It appears that the one who attacked them was using the same technique in each of the attacks.

Authentication service Okta and secure messenger provider Signal,

They both have the same saying as their data was hacked as a result of the Twilio breach. Twilio got into the spotlight again because of this breach. As it doesn’t take only a single company but also includes others in this list.

Group-IB, Thursday

A total of 136 companies were victimized by the same adversary as Twilio. DoorDash is one of them, a company representative has told TechCrunch.

Jetlag like Situation

Compromising Authy and LastPass in this event is too stressful. That’s because both companies are well established, providing services to a big group of people. Moreover, that big of a data pile is not something to take so carelessly. Let’s see what both companies have to say about it.

 

Authy

“It stores 2FA tokens for 75 million users. Given the passwords, the cybercriminal has already obtained them in previous breaches. These tokens might be the only ones saving more accounts from getting in control of the adversaries.

 

Related News here:

Twilio breach let hackers gain access to Authy 2FA accounts

Authy

 

The adversary utilized its keys to log in to only 93 individual accounts and synced new devices capable of collecting OTPs. The threat is more dangerous depending on the accounts’ users. Authy has since removed suspicious devices from connected accounts.”

LastPass

The adversary gets unauthorized access via a single victimized developer a/c to portions of the password manager’s development environment. After that, the adversary “took parts of source code and some proprietary LastPass technical data.”

The things that remain untouched were:

  • Master passwords,
  • Encrypted passwords
  • Other data stored in customer accounts,
  • Customers’ personal data

There the data of LastPass that was the victim of this attack wasn’t that much confidential. Any breach that involves a major password management provider is risky, related to how much data it keeps.

DoorDash

Scatter Swine came into the spotlight which points out the fact that the one who was involved in the attack-related data breach was none other than Scatter Swine itself. The information that was released due to the event were:

  • An undisclosed number of customers
  • Their names,
  • Email addresses
  • Delivery addresses,
  • Phone numbers,
  • Partial payment card numbers

The threat actor obtained names, phone numbers, and email addresses from an undisclosed number of DoorDash contractors.

Scenario of Attack

In reports, the phishing attack on Twilio was very well-versed and organized with surgical precision. The adversaries had the personal contact info of employees. 1696+ counterfeit domains impersonating Okta and other security providers. Plus, they have the 2FA protection layers that use OTPs.

 

The threat actor’s ability to leverage data obtained in one breach to wage supply-chain attacks against the victims’ customers—and its ability to remain undetected since March—demonstrates its resourcefulness and skill.

 

This is common for organizations that disclose breaches. After which, in two or more weeks they add some details to the incidents to spread awareness about how the things happened in a sequence. There won’t be any surprise if any more victims come out to alert others.

If we point at the lesson, we learned from this incident then it would be that every 2FA isn’t the same and safe as you consider one for you. The OTPs sent via SMS, or created via authenticator apps are potential enough to get phished as the passwords. This is what makes it possible for adversaries to bypass the last security layer to get to our accounts.

An organization that was on target, but fortunately didn’t become a victim was none other than Cloudflare.

 

Cause:

Employees of Cloudflare relied on 2FA with the use of physical keys like Yubikeys. It can’t be phished that easily, and that tags some other FIDO2-compliant forms of 2FA too.

*This post has been rewritten throughout to correct the relationship of the new breaches to the previously disclosed compromise of “Twilio”.

 

Watch more latest news:

 

NASA Prepares Artemis I SLS-Orion Spacecraft Ahead Of Planned August 29 Launch

 

 

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

 

Deepti Maan

See author's posts

Tags: 1password hacked, authy hacked, authy twilio hacked account, best hacker in the world, doordash hacked, doordash hacked 2021, doordash hacked 2022, doordash hacked account, doordash hacked my bank account, hacker name, how to use twilio authy twilio authy vs verify, is twilio authy safe, lastpass account hacked, lastpass been hacked, lastpass extension, lastpass hacked, lastpass hacked 2020, lastpass hacked 2021, lastpass hacked 2022, lastpass login, lastpass password hacked, the number of companies caught up in recent hacks keeps growing, twilio, twilio authy, twilio authy 2-factor authentication apk, twilio authy api, twilio authy login, twilio breach, types of hackers, world no 1 hacker software

Continue Reading

Previous NASA Prepares Artemis I SLS-Orion Spacecraft Ahead Of Planned August 29 Launch
Next Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

More Stories

Data Breach
  • Data Breach
  • hacking
  • Latest hacking news
  • Online Cyber Frauds

PeopleConnect has confirmed the data breach Incident of 20 M Accounts

February 5, 2023 Sandhyakumari
Confidential Data Compromised in Cyber Attack: Arnold Clark
  • hacking
  • Latest hacking new
  • Latest News
  • news
  • Online Cyber Frauds

Confidential Data Compromised in Cyber Attack: Arnold Clark

February 3, 2023 Sandhyakumari
Work From Home Job
  • cyber attacks
  • hacking
  • Latest hacking news
  • Latest News
  • news
  • Online Cyber Frauds

Online Work From Home Job Offers? Please Refrain from Investing. Why?

January 29, 2023 Sandhyakumari

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Latest
  • Popular
  • Trending
  • Data Breach
    • Data Breach
    • hacking
    • Latest hacking news
    • Online Cyber Frauds

    PeopleConnect has confirmed the data breach Incident of 20 M Accounts

    February 5, 2023 Sandhyakumari
  • Confidential Data Compromised in Cyber Attack: Arnold Clark
    • hacking
    • Latest hacking new
    • Latest News
    • news
    • Online Cyber Frauds

    Confidential Data Compromised in Cyber Attack: Arnold Clark

    February 3, 2023 Sandhyakumari
    • Walkthrough

    DC:5 Vulnhub Machine Walkthrough

    January 31, 2023 Sandhyakumari
  • Work From Home Job
    • cyber attacks
    • hacking
    • Latest hacking news
    • Latest News
    • news
    • Online Cyber Frauds

    Online Work From Home Job Offers? Please Refrain from Investing. Why?

    January 29, 2023 Sandhyakumari
  • Darkweb hackers
    • hacking
    • Latest News
    • news
    • Online Cyber Frauds

    Darkweb hackers hacked the email server of the Ministry of External Affairs.

    January 28, 2023 Sandhyakumari
    • Latest News

    People Are Getting Hacked By The Cyber Criminals In Order To Get There Internet Connection Fast.

    August 31, 2021 Tushar
  • jamtara
    • Cyber Security
    • Latest News

    To Reduce Crime In The City OF Crime “Jamtara” Teachers Become Police Officers .

    August 19, 2021 Tushar
  • Bangalore City Police
    • Latest News

    UK Friend took advantage of woman’s 8 accessed bank accounts turns to be a cyber thug.

    August 2, 2021 Tushar
  • Market Again in Hype because of Latest Hacking Tools in 2022
    • Cyber Security
    • Data Breach
    • Data Science
    • Hacking Tools
    • Latest News
    • Ransomware Attack
    • Ransomware attacks

    Navigating Threat Situations 2021 – From Ransomware to Botnets

    November 11, 2021 Tinku
  • Database Getting Sold on Darkweb
    • Data Breach
    • Featured
    • Latest News

    AirIndia | Dominos | Tata Communication | Upstox | SBI Yono App | Mobikwik | True Caller | Indian | Data Available Online for Sale

    May 28, 2021 news4
  • Data Breach
    • Data Breach
    • hacking
    • Latest hacking news
    • Online Cyber Frauds

    PeopleConnect has confirmed the data breach Incident of 20 M Accounts

    February 5, 2023 Sandhyakumari
  • Confidential Data Compromised in Cyber Attack: Arnold Clark
    • hacking
    • Latest hacking new
    • Latest News
    • news
    • Online Cyber Frauds

    Confidential Data Compromised in Cyber Attack: Arnold Clark

    February 3, 2023 Sandhyakumari
    • Walkthrough

    DC:5 Vulnhub Machine Walkthrough

    January 31, 2023 Sandhyakumari
  • Work From Home Job
    • cyber attacks
    • hacking
    • Latest hacking news
    • Latest News
    • news
    • Online Cyber Frauds

    Online Work From Home Job Offers? Please Refrain from Investing. Why?

    January 29, 2023 Sandhyakumari
  • Darkweb hackers
    • hacking
    • Latest News
    • news
    • Online Cyber Frauds

    Darkweb hackers hacked the email server of the Ministry of External Affairs.

    January 28, 2023 Sandhyakumari

Categories

Apple bitcoin Blockchain Techonology cloud computing cryptocurrency Cryptoghraphy cyber-war cyber attacks Cyber Security Darkweb database Data Breach Data Science Featured Google hacking Hacking Tools Hacking Tutorials IoT kali linux Latest hacking new Latest hacking news Latest Hacking Tools Latest News Machine Learning  Malware Malware attack Microsoft server attacks mobile technology Network Security news Online Cyber Frauds penetrationtesting Phishing Phishing Attack prevent ransomware attacks python Ransomware Attack Ransomware attacks RHCE Technology Uncategorized Vulnerability Walkthrough zero-day

CoverNews Social

  • Instagram
  • Facebook
  • Twitter
  • Linkedin
  • Youtube

You may have missed

Data Breach
  • Data Breach
  • hacking
  • Latest hacking news
  • Online Cyber Frauds

PeopleConnect has confirmed the data breach Incident of 20 M Accounts

February 5, 2023 Sandhyakumari
Confidential Data Compromised in Cyber Attack: Arnold Clark
  • hacking
  • Latest hacking new
  • Latest News
  • news
  • Online Cyber Frauds

Confidential Data Compromised in Cyber Attack: Arnold Clark

February 3, 2023 Sandhyakumari
  • Walkthrough

DC:5 Vulnhub Machine Walkthrough

January 31, 2023 Sandhyakumari
Work From Home Job
  • cyber attacks
  • hacking
  • Latest hacking news
  • Latest News
  • news
  • Online Cyber Frauds

Online Work From Home Job Offers? Please Refrain from Investing. Why?

January 29, 2023 Sandhyakumari
Darkweb hackers
  • hacking
  • Latest News
  • news
  • Online Cyber Frauds

Darkweb hackers hacked the email server of the Ministry of External Affairs.

January 28, 2023 Sandhyakumari

News4hacker

News4Hacker is a sister vertical of Craw Security. As the name suggests, we deliver crucial information related to cyber threats and varied hacking incidents news happening all over the world on real-time basis.

Recent Posts

  • PeopleConnect has confirmed the data breach Incident of 20 M Accounts
  • Confidential Data Compromised in Cyber Attack: Arnold Clark
  • DC:5 Vulnhub Machine Walkthrough

Contact us

1st Floor, Plot no. 4, Lane no. 2, Kehar Singh Estate Westend Marg Behind Saket Metro Station Saidulajab New Delhi – 110030
Contact us : +91 951 380 5401
Email Id : [email protected]

  • Home
  • News
  • Latest News
  • Walkthrough
  • Jobs And Internships
  • Tutorial
  • Contact Us
  • Instagram
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
Copyright © 2023 | CoverNews by AF themes.