Security News > 2023 > September > Retool blames breach on Google Authenticator MFA cloud sync feature
Hack blamed on new Google Authenticator sync feature.
Retool is blaming the success of the hack on a new feature in Google Authenticator that allows users to synchronize their 2FA codes with their Google account.
Retool says that the feature is also to blame for the August breach severity as it allowed the hacker who successfully phished an employee's Google account to have access to all of their 2FA codes used for internal services.
As Kodesh explained, while, initially, Retool had enabled MFA, the auth codes synced by Google Authenticator to the cloud led to an inadvertent transition to single-factor authentication.
While Google Authenticator does promote its cloud sync feature, it is not required.
"While we continue to work toward these changes, we want to ensure Google Authenticator users know they have a choice whether to sync their OTPs to their Google Account, or to keep them stored only locally. In the meantime, we'll continue to work on balancing security with usability as we consider future improvements to Google Authenticator."
News URL
Related news
- Google Cloud to make MFA mandatory by the end of 2025 (source)
- All Google Cloud users will have to enable MFA by 2025 (source)
- Google Cloud Expands Confidential Computing Portfolio (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage (source)