AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Friendly Debate (18+ please)  <--  <--- Return to Home Page
   Networked Database  Friendly Debate (18+ please)   [1913 / 2004] RSS
 From   To   Subject   Date/Time 
Message   Digimaus    All   Clorox h4x0red with social engineering   July 26, 2025
 11:05 PM *   

(I used to work for Cognizant.  This doesn't surpise me at all.  90%
East Indian and nearly all are barely competent to read from a script
and can barely speak English.  What could go wrong?  Social engineering
is still a very good way to hack but modern IT denies that.)

From: https://shorturl.at/lhWNh (nypost.com)

===
 Clorox sues IT firm Cognizant over cyberattack, alleges hackers got passwords
                                simply by asking

   By Reuters
   Published July 22, 2025, 3:19 p.m. ET

   Bleach maker Clorox said Tuesday that it has sued information technology
   provider Cognizant over a devastating 2023 cyberattack, alleging that the
   hackers pulled off the intrusion simply by asking the tech company's staff
   for employees' passwords.

   Clorox was one of several major companies hit in August 2023 by the
   hacking group dubbed Scattered Spider, which specializes in tricking IT
   help desks into handing over credentials and then using that access to
   lock them up for ransom.

   The group is often described as unusually sophisticated and persistent,
   but in a case filed in California state court on Tuesday, Clorox said one
   of Scattered Spider's hackers was able to repeatedly steal employees'
   passwords simply by asking for them.

   "Cognizant was not duped by any elaborate ploy or sophisticated hacking
   techniques," according to a copy of the lawsuit reviewed by Reuters. "The
   cybercriminal just called the Cognizant Service Desk, asked for
   credentials to access Clorox's network, and Cognizant handed the
   credentials right over."

   Cognizant did not immediately return a message seeking comment on the
   suit, which was not immediately visible on the public docket of the
   Superior Court of Alameda County. Clorox provided Reuters with a receipt
   for the lawsuit from the court.

   Three partial transcripts included in the lawsuit allegedly show
   conversations between the hacker and Cognizant support staff in which the
   intruder asks to have passwords reset and the support staff complies
   without verifying who they are talking to, for example by quizzing them on
   their employee identification number or their manager's name.

   "I don't have a password, so I can't connect," the hacker says in one
   call. The agent replies, "Oh, ok. Ok. So let me provide the password to
   you ok?"

   The 2023 hack caused $380 million in damages, Clorox said in the suit,
   about $50 million of which were tied to remedial costs and the rest of
   which were attributable to Clorox's inability to ship products to
   retailers in the wake of the hack.

   Clorox said the clean-up was hampered by other failures by Cognizant's
   staff, including failure to de-activate certain accounts or properly
   restore data.
===

-- Sean

... If you think education is expensive, try ignorance.
--- MultiMail/Win v0.52
 * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Friendly Debate (18+ please)  <--  <--- Return to Home Page
VADV-PHP
Execution Time: 0.0154 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2025 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
 v2.1.250224