• A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
  • Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
  • Hunt has detailed the attack and warned his subscribers in a timely fashion.
  • randombullet@programming.devEnglish
    15·
    5 days ago

    Don’t password managers verify the domain name before offering credentials?

    Does that mean he doesn’t use a password manager?

    Edit: RIP, now that’s a proper phishing. I understand where he’s coming from

    • subversive_dev@lemmy.mlEnglish
      14·
      5 days ago

      This was mentioned in the write-up, the password manager didn’t autofill, but he was too out of it to notice at first

    • SayCyberOnceMore@feddit.ukEnglish
      3·
      5 days ago

      Depends… if you use an offline password manager ( like keepass), you can ask it to autotype your credentials into anything… if that’s what you ask it to do (ie it’s not a fault)

      Main point though: don’t reuse the same credentials across different sites.

      They’ll get 1 site, but not all the rest of them…