Hacker News new | ask | show | jobs
by ZoFreX 3968 days ago
2 factor authentication has nothing to do with this, though, and would do absolutely nothing to protect against this occurrence or similar ones. 2 factor authentication is great in certain situations... but only when your code is operating correctly. If someone has achieved arbitrary code execution (even if only at the SQL layer) it's game over. 2FA won't save you.
2 comments
thefreeman 3968 days ago
they also brute forced employee accounts (likely the sql injection was in the employee facing section of the site)
link
juliangregorian 3968 days ago
Did you read the article? Not only was sql injection found, logins were brute forced. 2fa absolutely would have helped with that.
link