HackerOne: 2020-10-09 Credential Stuffing Attack
News category: Vulnerabilities
Source: vulners.com
Executive summary

On October 4, 2020 and October 5, 2020, an attacker launched two credential stuffing attacks against HackerOne.com. On October 9, 2020, HackerOne's Security team noticed the attack during their weekly audit of anomalies in their log aggregation platform, which led the Incident Response team to start an investigation.

The Incident Response team identified that a number of accounts had valid authentication attempts, some of which were blocked due to two-factor authentication. One account in particular had user activity from an unauthorized party, who viewed a number of report titles. After an investigation, the Incident Response team concluded that report contents hadn't been accessed.

On October 9, 2020, HackerOne immediately locked all affected accounts that had their credentials compromised. After the accounts were locked, HackerOne reached out to the account holders to notify them, with instructions on how to unlock their account and advice regarding their credentials. Out of an abundance of caution, programs whose report titles were viewed received a notification from HackerOne as well.

Incident timeline

| Date | Time (PDT) | What happened? |
|---|---|---|
| 2020-10-04 | 12:00p | Credential stuffing attack... ...