Hacker News
by ecf 2480 days ago
> Between August 26 and August 31, 2019 an unauthorized party compromised a Segment employee’s Segment web application account without their knowledge, logging in with their email and password. This account had privileged access.

They weren't using 2FA, and only enabled it after this incident. This is 100% Segment negligence.

1 comments

2FA doesn't guarantee this incident would not have taken place.

If it's not hardware-based (i.e. Yubikey), you can still spearphish people into putting their username, password, and 2FA token into a honeypot page which would give the attacker a window of unauthorized access.