- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.

Don’t password managers verify the domain name before offering credentials?
Does that mean he doesn’t use a password manager?
Edit: RIP, now that’s a proper phishing. I understand where he’s coming from
This was mentioned in the write-up: the password manager didn’t autofill, but he was too out of it to notice at first.
Depends… if you use an offline password manager (like KeePass), you can ask it to autotype your credentials into anything… if that’s what you ask it to do (i.e. it’s not a fault).
Main point though: don’t reuse the same credentials across different sites.
They’ll get 1 site, but not all the rest of them…
Not everyone uses a browser extension for their password manager.