Categories: Scam Alert

Cloud Synchronization Function Of Google Authenticator Is The Reason Of Fortress Hack

Key Points:

  • Retool reveals crypto thefts from 27 customers due to a Google Authenticator flaw.
  • The breach stemmed from an SMS phishing attack targeting Retool employees, granting attackers control over accounts.
  • Similarities with Scattered Spider’s tactics were observed; no unauthorized access to on-premises accounts was reported.
In a recent revelation, software company Retool revealed details about a cyberattack that compromised 27 crypto customer accounts, resulting in millions of dollars in losses. The breach, which occurred on August 27, 2023, shed light on a critical vulnerability associated with Google Authenticator.
Cloud Synchronization Function Of Google Authenticator Is The Reason Of Fortress Hack 2

The attack exploits the Google Authenticator cloud sync function, effectively transforming multi-factor authentication into a single-factor system. The offender gained control of an Okta account and subsequently seized control of the associated Google account, which held all one-time passwords (OTPs) stored in Google Authenticator. This synchronization feature, previously considered secure, turned out to be a novel attack vector.

The incident began with an SMS phishing attack aimed at Retool employees, where threat actors posed as members of the IT team. Employees were forced to click on a seemingly legitimate link to address a payroll-related issue. An additional security flaw emerged when an employee enabled Google Authenticator’s cloud sync feature, granting threat actors elevated access to internal admin systems.

The attackers subsequently changed email addresses and reset passwords for 27 customers in the crypto industry, resulting in substantial losses, notably the theft of $15 million worth of cryptocurrency from Fortress Trust, as reported by CoinDesk.

While the exact identity of the hackers remains undisclosed, their tactics resemble those of a financially motivated threat actor known as Scattered Spider, recognized for employing sophisticated phishing techniques. Retool assures that the breach did not grant unauthorized access to on-premises or managed accounts and coincided with the company’s migration of logins to Okta.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Will Bitcoin Crash or Soar Past $105K in 2024?

Will Bitcoin Crash?" seems to be one of the most controversial questions, as the price…

13 minutes ago

The Best Crypto for Passive Income? 10% Weekly Gains and 20% Final Surge—Qubetics Mirrors Cosmos’ Early Success!

There’s always that one coin people wish they hadn’t overlooked. For many, Cosmos ($ATOM) is…

41 minutes ago

Cosmos Developer Interchain Foundation Sold 3000 ETH Today

Cosmos Developer Interchain Foundation sold 3000 ETH from its ICO today, totaling 21,600 ETH sold…

2 hours ago

Zircuit Launches ZRC Token: Pioneering the Next Era of Decentralized Finance

George Town, Grand Cayman, 22nd November 2024, Chainwire

2 hours ago

Inflation Warning By Vanguard Amid Tariffs And Labor Issues

Inflation Warning by Vanguard highlights risks during Trump’s term, citing tariffs and tighter labor markets…

2 hours ago

Clanker Token Trading Volume Hits $59.8 Million High On November 21

Clanker token trading volume hit $59.8M on Nov 21, accounting for 14.75% of PumpFun. Fee…

3 hours ago

This website uses cookies.