Uber & Thycotic: Are Password Vaults a Huge Security Vulnerability?
Too Long; Didn't Read
Security is complicated and managing credentials is tough. A 17 year old hacker, TeaPot, got hold of the credentials of an Uber contractor and began sending multi factor authentication requests to them repeatedly. Once the contractor got annoyed and hit accept, their account was used to access a script with admin credentials to Uber's password vault, Thycotic, giving them access to almost everything else.