Developer Platform Retool Breached in Vishing Attack

Developer platform Retool disclosed it suffered a breach last month that involved vishing attack on an employee and affected 27 cloud customers. In a blog post on Wednesday, Retool revealed it was targeted in a spear phishing attack on August 27. A threat actor impersonating an IT staff member conducted SMS-based phishing and a successful vishing attack to obtain authentication logins that led to the total account takeover of one Retool employee. Retool notified all 27 affected cloud customers on August 29 and confirmed that no on-premises accounts were affected. The attack started with targeted texts sent to several employees using an account issue and healthcare coverage as a lure. The messages contained a URL that mimicked Retool's own internal identity portal and tricked one employee into logging into the malicious link that contained a multi-factor authentication (MFA) form. The attack escalated with one phone call and a significant amount of knowledge on the target organization.