undefined | Better HN

0 pointsecf6y ago0 comments

> Between August 26 and August 31, 2019 an unauthorized party compromised a Segment employee’s Segment web application account without their knowledge, logging in with their email and password. This account had privileged access.

They weren't using 2FA, and only enabled after this incident. This is 100% Segment negligence.

0 comments

umvi6y ago

2FA doesn't guarantee this incident would not have taken place.

If it's not hardware-based (i.e. Yubikey), you can still spearphish people into putting their username, password, and 2FA token into a honeypot page which would give the attacker a window of unauthorized access.

j / k navigate · click thread line to collapse

0 pointsecf6y ago0 comments

They weren't using 2FA, and only enabled after this incident. This is 100% Segment negligence.

0 comments

umvi6y ago

2FA doesn't guarantee this incident would not have taken place.

j / k navigate · click thread line to collapse