Cybersecurity Dive just reported that Clorox is suing Cognizant for $380 million after a cyberattack crippled operations. The alleged trigger? A hacker posed as an employee and convinced someone to hand over a password. That’s it. No advanced zero-day exploit. No AI-powered quantum hack. Just a social engineering phone call and a password—and now Clorox wants $380 million in damages.
WTF.
This isn’t 2001. We all know by now that passwords—and even so-called “modern” MFA methods—are the weakest link. The fact that a multi-billion-dollar company’s operations can still be tanked by a simple impersonation scam is staggering.
But here’s the real kicker: this could have been completely avoided.
If Clorox had used Token BioStick or Token Ring, that hacker would have gotten absolutely nowhere. Here’s why:
And yet, companies are still betting their entire operations on outdated authentication methods like passwords, SMS codes, and authenticator apps—the very methods attackers are targeting because they work.
This lawsuit shouldn’t just be a wake-up call for Cognizant (and we don’t know what really happened here, so they are innocent until proven otherwise). It’s a wake-up call for every enterprise still playing security roulette with legacy MFA. The technology to make this kind of social engineering attack impossible already exists.
It’s Token. Use it, and these $380 million “oops” moments simply don’t happen.
So ask yourself this: What’s cheaper: rolling out Token, or paying $380 million because someone believed a fake phone call?