
Hacking is hard. Well, often.
Other times, you simply phone a company’s IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset … and it’s done. Without even verifying your identity.
You use that information to log in to the target network and find a more trusted user who works in IT security. You call the IT service desk back, pretending you are now this second person, and you ask for the exact same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Once again, the desk provides it, no identity verification required.
You log in to the network with these new credentials and set about planting ransomware or exfiltrating data in the target network, ultimately doing an estimated $380 million in damage. Easy?
According to The Clorox Company, which makes everything from lip balm to cat litter to charcoal to bleach, this is precisely what happened to it in 2023. Clorox says that the “debilitating” breach was not its fault. It had outsourced the “service desk” part of its IT security operations to the large services company Cognizant, and Clorox says that Cognizant failed to follow even the most basic agreed-upon procedures for running the service desk.
In the words of a new Clorox lawsuit, Cognizant’s behavior was “all a devastating lie,” it “failed to show even scant care,” and it was “aware that its employees were not adequately trained.”
“Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques,” says the lawsuit, using italics to indicate outraged emphasis. “The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox’s network, and Cognizant handed the credentials right over. Cognizant is on tape handing over the keys to Clorox’s corporate network to the cybercriminal—no authentication questions asked.”
I can has password reset?
From 2013 through 2023, Cognizant had helped “guard the proverbial front door” to Clorox’s network by running a “service desk” that handled common access requests around passwords, VPNs, and multifactor authentication (MFA) such as SMS codes.