How Google Authenticator gave attackers one company’s keys to the kingdom

Google's app for generating MFA codes syncs to user accounts by default. Who knew?

https://arstechnica.com/security/2023/09/how-google-authenticator-gave-attackers-one-companys-keys-to-the-kingdom/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social