Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
News Security All topics
Unusual Case

U.S. Company Hacked After Criminals Simply Asked for Passwords

Person Enters Password on Laptop
Because passwords were easily disclosed over the phone, hackers were able to attack a company. Photo: Getty Images
Share article

July 24, 2025, 3:02 pm | Read time: 2 minutes

More than ever, digital security should be a top priority everywhere today. This applies to consumers, but even more so to companies that handle sensitive data from employees and customers. Outsourcing these tasks to external service providers is common practice. However, this has led to a bizarre incident in the U.S. A company was hacked, allegedly because employees of the IT service provider gave out passwords over the phone.

Employees Revealed Passwords Over the Phone

As reported by Channel News Asia, the case involves Clorox, a bleach manufacturer. Clorox is said to have sued the IT service provider Cognizant. The serious allegation: Cognizant employees allegedly gave important passwords to unauthorized individuals. The result was an attack by the hacker group “Scattered Spider” back in August 2023.

The members of “Scattered Spider” are capable of conducting attacks on computer-controlled systems. However, apparently no significant programming skills were needed to obtain the passwords over the phone. Elaborate social engineering was also reportedly not used, despite the group’s reputation for it. According to a lawsuit cited by Reuters, the perpetrators simply called and asked for passwords.

Excerpts from the conversation logs are said to support this. In one instance, a perpetrator asked for passwords, and the affected employee assisted without verifying the other person’s identity—not even asking for an employee ID or the supervisor’s name.

$380 Million in Damages

Cognizant has already responded to the lawsuit, claiming it was not responsible for Clorox’s cybersecurity. Instead, it was only minimally involved with the help hotline.

Also interesting: These Passwords Can Be Cracked by Fraudsters in One Second!

If the allegations are true, it would indeed be a case of negligence, as security expert Maxie Reynolds assesses. The hacking attack in 2023 caused damages amounting to about $380 million. Clorox also accuses Cognizant of delaying problem resolution due to further errors.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.