so uhhh i dont wanna alarm anyone but i think we're all fucked
or maybe its just those who use
circleci
slack
okta
auth0
lastpass
travisci
heroku
oauth
github
npm
twilio
authy
signal
cloudflare
mailchimp
digital ocean
or anything that hasnt realized its been breached yet
🤷‍♀️😬🧵
CircleCI
December 21 2022 - January 4 2023
"we are confident that there are no unauthorized actors active in our systems"
circleci.com
Okta
Early December - December 21 2022
"There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers. No action is required by customers."
LOLLLLL
sec.okta.com
bleepingcomputer.com
Okta
January 16 2022 - January 21 2022
Disclosed March 22 2022
"between January 16-21, 2022 an attacker had access to a support engineer’s laptop"
"there is no impact to Auth0 customers"
LOLLL
okta.com
bleepingcomputer.com
Auth0 (owned by Okta)
"Late August"–September 26th, 2022
"no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access"
L O L
auth0.com
bleepingcomputer.com
LastPass
August 8 2022 - August 25 2022
"We detected some unusual activity within portions of the LastPass dev environment."
"We've seen no evidence that this incident involved any access to customer data or encrypted password vaults."
L
blog.lastpass.com
LastPass
August 8 2022 - December 22 2022
"Info used from Aug incident led to cloud storage access key and dual storage container decryption keys being obtained...threat actor copied backup of customer vault data from encrypted storage container"
LLLLLL
blog.lastpass.com
Twilio
?? - August 7 2022 - ??
"If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack."
twilio.com
Twilio
?? - August 24 2022 - ??
"To date, our investigation has identified 163 Twilio customers whose data was accessed without authorization. In addition, to date....the accounts of 93 individual Authy users"
twilio.com
Twilio
??? - June 29 2022 - October 27, 2022 - ???
"....209 customers and 93 Authy end users..."
"hardware 2fa > training"
twilio.com
Cloudflare (via Fake Okta)
July 20 2022
(cloudflare stands out for not totally screwing this up and already having fido2 for all. that said their 2yr delay in patching the unknowingly created api key vuln still disappoints me. but thats a diff story)
blog.cloudflare.com
Digital Ocean via Mailchimp
August 8 2022 - August 15 2022
lol nothing could ever go wrong thats why we put supply chains on chains on chains on chains on *another* company's underpaid customer support team duh
digitalocean.com
Twilio, Cloudflare, and 130+ other orgs
"Oktapus"
okta
twilio
cloudflare
slack
citrix
mailchimp
intercom
dropbox
box
microsoft
hubspot
sendgrid
mailgun
twitter
yahoo
att
tmobile
verizon
binance
coinbase
kucoin
on and on and on...
blog.group-ib.com
on the bright side @campuscodi captured a lot of this + more in his latest risky business newsletter*s* thru the entire holiday
subscribe and follow, he deserves it
riskybiznews.substack.com