Nostr

A leaky database spilled 2FA codes for the world’s tech giants

"...the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database’s public IP address."

One more example of how people are usually the weakest link in pentesting and cybersecurity.

#cybersecgirl #privacytechpro #cybersecurity #infosec #opsec

https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

Reply to this note

Please Login to reply.

Discussion

SecondBreakfast 1y ago

Financial and phone carrier providers should really start giving the option of using something like Aegis instead of SMS for 2fa. Huge security issue

Ava 1y ago

💯 options for an authenticator app like aegis and hardware keys like yubikey should be the default options for 2fa. email and sms are not secure and more vulnerable to mitm attacks

mattybs 1y ago

SMS was how my email got hacked. Been on Authy forever now. I should yubikey

trosso19 1y ago

👀

zyrotin 1y ago

I learned my lesson of not using sms as 2fa the first time I traveled outside the US and lost access to over half of my apps.

nostr:nevent1qqsf3jw90465jtjzgvpv25pw9z67a5dfn6c6vw2fsllntk0as6hunhspw9mhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0dec82c33ddkhxmnw0pmnvupcwekxkvnvxfjxsvp5xsek56m2xp68smphdfe8waecw9c8sdrkvs6rywrgv5cxzwr2w9chjdn5dfjhq0mzwfhkzerrv9ehg0t5wf6k2fn8d3hkyctv84skcmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqg35ltk6