[ripe-list] Attack on RIPE NCC Access - Please Enable Two-Factor Authentication

Furthermore, at least the Android version of FreeOTP has not seen any
updates since five years - which sort of puzzles me wrt. the "validity
of the offer".

On 19.02.2021 14:56, Carsten Schiefner wrote:
> Ivo & all -
> 
> it appears that on https://access.ripe.net/ the mentioned link for
> FreeOTP is somewhat outdated for almost four years now:
> 
> https://fedorahosted.org/freeotp/ redirects to
> https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
> 
> , where it reads under "Summary":
> 
> "fedorahosted.org was retired on March 1st, 2017. [...]"
> 
> Seems that:
> 
> https://freeotp.github.io/
> 
> is the new entry point now - but I haven't checked it out in detail.
> 
> ATB,
> 
>     -C.
> 
> On 18.02.2021 16:43, RIPE NCC Security wrote:
>> Dear colleagues,
>>
>> Last weekend, RIPE NCC Access, our single sign-on (SSO) service was
>> affected by what appears to be a deliberate ‘credential-stuffing’
>> attack, which caused some downtime. We mitigated the attack, and we are
>> now taking steps to ensure that our services are better protected
>> against such threats in the future.
>>
>> Our preliminary investigations do not indicate that any SSO accounts
>> have been compromised. If we do find that an account has been affected
>> in the course of our investigations, we will contact the account holder
>> individually to inform them.
>>
>> We would like to ask you to enable two-factor authentication on your
>> RIPE NCC Access account if you have not already done so to ensure that
>> your account is secure. In general, using two-factor authentication
>> across all your accounts can help limit your exposure to such attacks.
>>
>> We will keep you informed about any relevant developments. If you have
>> noticed any suspicious activity in your RIPE NCC Access account, please
>> contact us immediately at security at ripe.net.
>>
>> Best regards,
>>
>> Ivo Dijkhuis
>> Senior Information Security Officer,
>> RIPE NCC