Categories: Scam Alert

Cloud Synchronization Function Of Google Authenticator Is The Reason Of Fortress Hack

Key Points:

  • Retool reveals crypto thefts from 27 customers due to a Google Authenticator flaw.
  • The breach stemmed from an SMS phishing attack targeting Retool employees, granting attackers control over accounts.
  • Similarities with Scattered Spider’s tactics were observed; no unauthorized access to on-premises accounts was reported.
In a recent revelation, software company Retool revealed details about a cyberattack that compromised 27 crypto customer accounts, resulting in millions of dollars in losses. The breach, which occurred on August 27, 2023, shed light on a critical vulnerability associated with Google Authenticator.
Cloud Synchronization Function Of Google Authenticator Is The Reason Of Fortress Hack 2

The attack exploits the Google Authenticator cloud sync function, effectively transforming multi-factor authentication into a single-factor system. The offender gained control of an Okta account and subsequently seized control of the associated Google account, which held all one-time passwords (OTPs) stored in Google Authenticator. This synchronization feature, previously considered secure, turned out to be a novel attack vector.

The incident began with an SMS phishing attack aimed at Retool employees, where threat actors posed as members of the IT team. Employees were forced to click on a seemingly legitimate link to address a payroll-related issue. An additional security flaw emerged when an employee enabled Google Authenticator’s cloud sync feature, granting threat actors elevated access to internal admin systems.

The attackers subsequently changed email addresses and reset passwords for 27 customers in the crypto industry, resulting in substantial losses, notably the theft of $15 million worth of cryptocurrency from Fortress Trust, as reported by CoinDesk.

While the exact identity of the hackers remains undisclosed, their tactics resemble those of a financially motivated threat actor known as Scattered Spider, recognized for employing sophisticated phishing techniques. Retool assures that the breach did not grant unauthorized access to on-premises or managed accounts and coincided with the company’s migration of logins to Okta.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Thai Police Corruption Case Involving Officers and Extortion

Thai police corruption exposed as officers extort millions in USDT from a Chinese man under…

2 hours ago

SafePal Telegram Wallet Launches with Swiss Bank Accounts and CeDeFi

SafePal Telegram Wallet allows 950 million users to create compliant crypto-friendly Swiss bank accounts, integrating…

3 hours ago

Sheetz Crypto Payments Now Accepted at Over 750 US Locations

Sheetz crypto payments: 750+ US stores now accept Bitcoin, Ethereum, and more, rewarding customers through…

3 hours ago

Zhu Su Wife Sells Singapore Mansion for $38 Million

Zhu Su’s wife sells Singapore mansion for $38.5 million amid heightened financial scrutiny on Three…

4 hours ago

Bitcoin Spot ETF Outflows Hit $54.9M, First Decline in 7 Days

Bitcoin Spot ETF Outflows Hit $54.9M on Nov 1, marking the first decline in a…

5 hours ago

Ripple (XRP) And Cardano (ADA) Flash Bearish Indicators, WallitIQ (WLTQ) Flashes 6,000% Bullish Indicator

Analysts report that the XRP price and the Cardano price are displaying bearish indicators, while…

13 hours ago

This website uses cookies.