Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself. 

In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.

The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.


More

Communications of the ACM: Passkeys unlock a new era for authentication

Until recently, replacing passwords has ranked somewhere between tricky and impossible. Passkeys completely eliminate passwords,…

Read More →

SC Media: What should Musk do to better secure Twitter users after 2FA goes away?

While Twitter CEO Elon Musk has defended the move to ban 2FA for non-subscribers as…

Read More →

SC Media: GitHub to roll out 2FA for all contributors starting March 13

GitHub will begin its official rollout of two-factor authentication for developers who contribute code on…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.