{"id":6320,"date":"2025-12-23T13:07:31","date_gmt":"2025-12-23T13:07:31","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6320"},"modified":"2025-12-23T13:07:31","modified_gmt":"2025-12-23T13:07:31","slug":"one-time-codes-used-to-hack-corporate-accounts","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6320","title":{"rendered":"One-time codes used to hack corporate accounts"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Security firm <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/access-granted-phishing-device-code-authorization-account-takeover\" target=\"_blank\" rel=\"noopener\">Proofpoint<\/a> has discovered that hackers have found a clever way to bypass multi-factor authentication (MFA) and thereby get their hands on accounts belonging to corporate users.<\/p>\n<p>In a nutshell, the hackers are abusing the one-time device codes from OAuth 2.0, an open standard; the codes are meant for signing in devices such as smart TVs.<\/p>\n<p>Typically, the scammers pretend that a particular device needs a one-time code and get users to enter the code on Microsoft\u2019s authentication page. Once users do so, the hackers gain full access to their Microsoft 365 accounts with all their content.<\/p>\n<p>Both Russian and Chinese hackers have used this method, so there\u2019s every reason for companies to tighten up their procedures.<\/p>\n<p>For additional reporting, see <a href=\"https:\/\/www.csoonline.com\/article\/4110419\/hackers-exploit-microsoft-oauth-device-codes-to-hijack-enterprise-accounts.html\">Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts<\/a>.
<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Security firm Proofpoint has discovered that hackers have found a clever way to bypass multi-factor authentication (MFA) and thereby get their hands on accounts belonging to corporate users. In a nutshell, the hackers are using one-time codes from OAuth 2.0, an open standard that is supposed to be used to authenticate smart TVs and the [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":6321,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6320","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6320"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6320"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6320\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6321"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}