Retool Details
Retool
San Francisco, CA • 364 employees • Information Technology
Industry
Information Technology
Security Incidents
1
Security Incidents
Retool Breach of Aug 2023
Severity Score
Significant to High
Type
Phishing Attack
Summary
On August 27, 2023, Retool experienced a spear phishing attack coinciding with an internal migration to Okta for login management. An employee was deceived by an SMS purporting to be from IT and directed to a fraudulent portal, subsequently surrendering their login credentials and a multi-factor authentication (MFA) code during a call utilizing a deepfake of a coworker's voice. The attacker added their own device to the employee's Okta account, gaining access to GSuite and all synced MFA codes via Google Authenticator's new cloud sync feature. Using these codes, the attacker infiltrated Retool...
Severity
The August 2023 cyber incident at Retool revealed significant vulnerabilities in multi-factor authentication (MFA) practices and highlighted the sophisticated nature of modern social engineering attacks. This breach involved a targeted spear-phishing campaign that leveraged deepfake technology to deceive an employee into providing critical MFA codes, granting the attacker access to internal systems and customer accounts. Although the impact was limited to 27 cloud accounts and excluded on-premise customers, the incident underscores the severe risks associated with software-based OTPs for MFA, ...
Impact
The cyber security incident that Retool experienced on August 27, 2023, was a spear phishing attack. This breach affected 27 of their cloud customers, specifically targeting those in the crypto industry. Customer data was indeed exposed, including user emails and passwords, which allowed attackers to take over accounts, poking around some of the Retool apps belonging to these customers. Additionally, an affected employee's MFA codes stored in Google Authenticator were compromised, allowing unauthorized access to internal admin systems and the VPN. There was no impact on on-premise or managed...