Hacker Uses AI to Deepfake Employee’s Voice in IT Company Breach
In a recent cybersecurity shocker, a hacker pulled off a crafty move using AI to mimic an employee’s voice, leading to a security breach at an IT firm. This breach hit Retool, a company that helps businesses build software, and had an impact on 27 cloud customers.
Here’s how it all went down:
The hacker began with a clever mix of tricks: social engineering, AI deepfakes, and a weak spot in Google’s Authenticator app. The first step was sending text messages to several Retool employees, claiming to be from the IT team. They said they were fixing a payroll issue that affected healthcare coverage. Most folks didn’t bite, but one did. That one unsuspecting employee clicked a link in the message, which led them to a fake login page. It had a multi-factor authentication (MFA) form — an extra layer of security.
Meanwhile, the hacker made a call to the same employee, using a deepfake voice that sounded just like them. They posed as an IT team member and seemed to know the office layout, colleagues, and internal procedures. The employee got suspicious, but it was too late. They gave up another MFA code.
Things took a nasty turn when the hacker got into the GSuite account. Google’s Authenticator app had recently added a cloud syncing feature. Sounds convenient, right? But here’s the catch: if your Google account is compromised, all your MFA codes are exposed.
Retool decided to spill the beans on this incident to warn others. They stressed the importance of staying sharp against social engineering — anyone can fall for it. They also called on Google to make it easier for companies to disable cloud syncing for their employees. This story reminds us that cyber threats are always evolving. It’s a stark reminder that we all need to keep our guard up and stay cyber-savvy in today’s digital world.