Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The article says the victim used 2fa. How did the attacker know their 2fa in order to send them a fake 2fa request?


They MITM the real sign-in on NPM. So NPM actually sent them a 2FA but the user entered it on the phishing site. The attacker then relayed that to the real NPM.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: