Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
2023-09-18 07:00

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted, SMS-based social engineering attack.

The San Francisco-based firm blamed a Google Account cloud synchronization feature introduced in April 2023 for making the breach worse, calling it a "dark pattern."

"The fact that Google Authenticator syncs to the cloud is a novel attack vector," Snir Kodesh, Retool's head of engineering, said.

It all started with an SMS phishing attack aimed at its employees, in which the threat actors masqueraded as a member of the IT team and instructed the recipients to click on a seemingly legitimate link to address a payroll-related issue.

The sophisticated attack shows that syncing one-time codes to the cloud can break the "something the user has" factor, necessitating that users rely on FIDO2-compliant hardware security keys or passkeys to defeat phishing attacks.

"Based on analysis of suspected UNC3944 phishing domains, it is plausible that the threat actors have, in some cases, used access to victim environments to obtain information about internal systems and leveraged that information to facilitate more tailored phishing campaigns," Mandiant disclosed last week.


News URL

https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html