Retool blames breach on Google Authenticator MFA cloud sync feature
2023-09-15 19:15

Hack blamed on new Google Authenticator sync feature.

Retool is blaming the success of the hack on a new feature in Google Authenticator that allows users to synchronize their 2FA codes with their Google account.

Retool says that the feature is also to blame for the severity of the August breach, as it allowed the hacker who successfully phished an employee's Google account to access all of their 2FA codes used for internal services.

As Kodesh explained, although Retool had initially enabled MFA, the auth codes synced by Google Authenticator to the cloud led to an inadvertent transition to single-factor authentication.

While Google Authenticator does promote its cloud sync feature, it is not required.

"While we continue to work toward these changes, we want to ensure Google Authenticator users know they have a choice whether to sync their OTPs to their Google Account, or to keep them stored only locally. In the meantime, we'll continue to work on balancing security with usability as we consider future improvements to Google Authenticator."


News URL

https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/
