Lawsuit says Clorox hackers got passwords simply by asking | Spyke

cybersecurity·Cybersecuritybyfloofloof

Lawsuit says Clorox hackers got passwords simply by asking

Lawsuit says Clorox hackers got passwords simply by asking

https://www.nbcnews.com/business/business-news/lawsuit-says-clorox-hackers-got-passwords-simply-asking-rcna220313Open link View original on lemmy.ca

91

jee.. is that easy? what's your password OP?

24

floofloof reply

hunter2, but don't tell anyone because it's a secret.

45

milkisklim reply

All I see is ******2

39

sh.itjust.works

Ahh, I’m home finally

28

RIP bash.org

EDIT: Nice, there's a bunch of mirrors.

8

Zier reply

Weird, because all I see is hunter*

12

onslaught545 reply

Yup, it is. Social engineering is by far the most effective means of gaining unlawful access to any system.

Humans are always the weakest link.

20

sugar_in_your_tea reply

sh.itjust.works

Exactly. Many breaches follow this pattern:

Learn the name and some basic details about the secretary or something
Call corporate tech support asking for a password reset claiming to be the secretary
Access important stuff since secretaries have a surprising amount of access

Replace "secretary" with some other relevant individual who has a surprising amount of access and wouldn't attract attention.

11

limer reply

correcthorsebatterystaple

9

RandomStickman reply

3

Hi, I'm Steve from corp. I need your password to verify some settings....

9

lemmy.frozeninferno.xyz

At least it wasn't due to a user input sanitization issue

8

example reply

instead it was a user sanitization issue

1

Lawsuit says Clorox hackers got passwords simply by asking | Spyke