Security firm Group-IB said at least 136 companies were phished by the same hackers , including Twilio, LastPass and DoorDash. Authy, which is owned by Twilio, stored two-factor authentication tokens for 75 million users, hackers logged into the personal accounts of 93 of those users, and added new devices that received one-time passwords, Authy says it has removed unauthorized additions . The source code of LastPass was accessed by hackers, but user master passwords were not affected. DoorDash said an undisclosed number of user names, email addresses, shipping addresses, phone numbers, and portions of payment card numbers were accessed by hackers. There are various indications that the hackers have well-planned and precise executions, and have mastered extremely high resourcefulness and skills.
This article is reprinted from: https://www.solidot.org/story?sid=72600
This site is for inclusion only, and the copyright belongs to the original author.