Lawsuit says Clorox hackers got passwords simply by asking

floofloof@lemmy.ca · 21 days ago

svc@lemmy.frozeninferno.xyz · 21 days ago

At least it wasn’t due to a user input sanitization issue

BigTrout75@lemmy.world · 21 days ago

Hi, I’m Steve from corp. I need your password to verify some settings…

expatriado@lemmy.world · 21 days ago

jee… is that easy? what’s your password OP?

floofloof@lemmy.ca · edit-2 21 days ago

hunter2, but don’t tell anyone because it’s a secret.

milkisklim@lemmy.world · 21 days ago

All I see is ******2

Apollo98@sh.itjust.works · 21 days ago

Ahh, I’m home finally

treadful@lemmy.zip · edit-2 21 days ago

RIP bash.org

EDIT: Nice, there’s a bunch of mirrors.

Zier@fedia.io · 21 days ago

Weird, because all I see is hunter*

limer@lemmy.ml · 21 days ago

correcthorsebatterystaple

onslaught545@lemmy.zip · 21 days ago

Yup, it is. Social engineering is by far the most effective means of gaining unlawful access to any system.

Humans are always the weakest link.

sugar_in_your_tea@sh.itjust.works · 21 days ago

Exactly. Many breaches follow this pattern:

Learn the name and some basic details about the secretary or something
Call corporate tech support asking for a password reset claiming to be the secretary
Access important stuff since secretaries have a surprising amount of access

Replace “secretary” with some other relevant individual who has a surprising amount of access and wouldn’t attract attention.