After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords
Hacking is hard. Well, sometimes. Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity. So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed.
Originally published by Ars Technica
Source: https://arstechnica.com/security/2025/07/how-do-hackers-get-passwords-sometimes-they-just-ask/