aquaphile | 2 years ago

Remember RSA and OPM? The RSA hack had huge implications for the Department of Defense, and was probably a state-sponsored hack (likely China). Around the same time the Office of Personnel Management (OPM) was hacked. So the state-sponsored hackers got to all the private details of anyone with classified access and clearances (which can be used for blackmail or for answering those strange "Who was your 3rd grade teacher?" auth questions to get past an identity test), and simultaneously could hack the rotating MFA codes from RSA.

Auth companies will always be a high value target for state-sponsored espionage.

6LLvveMx2koXfwn|2 years ago

Fields which may facilitate security questions such as those you quote are explicitly not included in the report run by the 'threat actor'. In fact "for 99.6% of users in the report, the only contact information recorded is full name and email address."[1]

[1] TFA

halJordan|2 years ago

Maybe you could read the flipping comment?

halJordan|2 years ago

Man those were the good old days. Remember when Gemalto, the main producer of key card cryptographic materiel- including DOD CACs- was hacked?

aquaphile|2 years ago

Yep. Gemalto was hot stuff for a while.