Clorox has filed a $380 million lawsuit against Cognizant, accusing its helpdesk of gross negligence after revealing that a cybercriminal obtained network passwords without any verification. Recorded conversations showed that attackers simply called the helpdesk and requested credentials, which were provided without identity checks. The lawsuit highlighted a consistent pattern of password resets and MFA resets throughout August 2023, demonstrating a significant security lapse. Experts emphasized that the breach was due to a lack of basic verification rather than sophisticated hacking techniques.
The complaint filed Tuesday in Alameda County Superior Court includes actual recorded conversations that reveal the stunning simplicity of the August 2023 attack that resulted in $380 million in damages to the consumer goods company.
Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques. The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over.
In one exchange that epitomizes the security breakdown, a cybercriminal simply stated they couldn't connect without a password. The agent provided the password starting with 'Welcome...'.
The breach wasn't caused by malware or zero-days, but by the absence of basic verification. Enterprises must no longer equ.