Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.

We have confirmed that no Cloudflare systems were compromised. Our Cloudforce One threat intelligence team was able to perform additional analysis to further dissect the mechanism of the attack and gather critical evidence to assist in tracking down the attacker.

This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached. Given that the attacker is targeting multiple organizations, we wanted to share here a rundown of exactly what we saw in order to help other companies recognize and mitigate this attack.


More

Security.World: HID Unveils Next-Generation FIDO Hardware And Centralized Management At Scale

HID, a worldwide leader in trusted identity and access management solutions, has announced a new line of FIDO-certified credentials—now powered…

Read More →

GB News: Microsoft will start DELETING your passwords from today, and there’s only one way to save them

Microsoft has started to delete all passwords saved in its Authenticator app — and if you want…

Read More →

ZDNet: Syncable vs. non-syncable passkeys: Are roaming authenticators the best of both worlds?

Like or not, a replacement for passwords — known as passkeys — is coming your way, if…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.