Google's security team look at how ShinyHunters has rolled out SSO scams

Mandiant analyzed ShinyHunters' MO, detailing how it steals login and MFA codes.
Hosted on MSN

Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits

Many sites let you sign in with an existing login from consumer SSO providers. This approach results in a potentially risky centralization of your credentials. Passkeys allow you to compartmentalize ...

Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) ...
Bleeping Computer

ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach ...
SlashGear

Stop Signing Into Websites With Google And Facebook And Do This Instead

On most major websites, you're bound to see a handful of familiar icons under the login credential fields. Likely, an option to sign in to that particular website via Google, Facebook, Apple, and ...