Lawsuit says Clorox hackers got passwords simply by asking

floofloof@lemmy.ca · 3 days ago

expatriado@lemmy.world · 3 days ago

jee… is that easy? what’s your password OP?

floofloof@lemmy.ca · edit-2 3 days ago

hunter2, but don’t tell anyone because it’s a secret.

milkisklim@lemmy.world · 3 days ago

All I see is ******2

Apollo98@sh.itjust.works · 3 days ago

Ahh, I’m home finally

treadful@lemmy.zip · edit-2 3 days ago

RIP bash.org

EDIT: Nice, there’s a bunch of mirrors.

Zier@fedia.io · 3 days ago

Weird, because all I see is hunter*

onslaught545@lemmy.zip · 3 days ago

Yup, it is. Social engineering is by far the most effective means of gaining unlawful access to any system.

Humans are always the weakest link.

sugar_in_your_tea@sh.itjust.works · 3 days ago

Exactly. Many breaches follow this pattern:

Learn the name and some basic details about the secretary or something
Call corporate tech support asking for a password reset claiming to be the secretary
Access important stuff since secretaries have a surprising amount of access

Replace “secretary” with some other relevant individual who has a surprising amount of access and wouldn’t attract attention.

limer@lemmy.ml · 3 days ago

correcthorsebatterystaple

RandomStickman@fedia.io · 3 days ago

deleted by creator

BigTrout75@lemmy.world · 3 days ago

Hi, I’m Steve from corp. I need your password to verify some settings…

svc@lemmy.frozeninferno.xyz · 3 days ago

At least it wasn’t due to a user input sanitization issue

example@reddthat.com · 2 days ago

instead it was a user sanitization issue