Tags: multi-factor authentication

OpenAI disclosed that a breach at Mixpanel, a third‑party analytics provider used for its developer platform, exposed limited analytics data belonging to some API developers. The compromised information included names, email addresses, coarse location, operating system and browser details, and organization IDs. OpenAI clarified that no ChatGPT user data, passwords, API keys, payment information, or government IDs were affected. In response, the company terminated its relationship with Mixpanel, launched expanded security reviews of its vendor ecosystem, and urged developers to enable multi‑factor authentication. Ler mais

Security researchers have identified a new phishing technique called CoPhish that weaponizes Microsoft Copilot Studio agents to steal OAuth tokens. By embedding fake login or consent flows in shared agents, attackers can trick users into granting access to their Microsoft accounts, allowing theft of email, chat, calendar, files and automation capabilities. Microsoft acknowledges the risk and says it will address the issue through product updates. Experts recommend immediate mitigations such as restricting third‑party app consent, enforcing conditional access and multi‑factor authentication, and closely monitoring unusual app registrations and token grants. Ler mais

AI-driven impersonation scams are exploding, using voice cloning and deepfake video to mimic trusted individuals. Criminals target victims through phone calls, video meetings, messages, and emails, often creating urgent requests for money or confidential information. Experts advise slowing down, verifying identities, and adding multi‑factor authentication to protect against these sophisticated attacks. The rise is driven by improved technology, lower costs, and broader accessibility, affecting both consumers and corporations. Ler mais