The article says the victim used 2fa. How did the attacker know their 2fa in ord... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		polynomial 19 days ago \| parent \| context \| favorite \| on: DuckDB NPM packages 1.3.3 and 1.29.2 compromised w... The article says the victim used 2fa. How did the attacker know their 2fa in order to send them a fake 2fa request?

fastest963 19 days ago [–]

They MITM the real sign-in on NPM. So NPM actually sent them a 2FA but the user entered it on the phishing site. The attacker then relayed that to the real NPM.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact