Incident 567: Deepfake Voice Exploit Compromises Retool's Cloud Services

Description: In August 2023, a hacker reportedly was successful in breaching Retool, an IT company specializing in business software solutions, impacting 27 cloud customers. The attacker appears to have initiated the breach by sending phishing SMS messages to employees and later used an AI-generated deepfake voice in a phone call to obtain multi-factor authentication codes. The breach seems to have exposed vulnerabilities in Google's Authenticator app, specifically its cloud-syncing function, further enabling unauthorized access to internal systems.


New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Incident Stats

Incident ID
Report Count
Incident Date
Sean McGregor, Daniel Atherton

Incident Reports

Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company · 2023

A hacker used AI to deepfake an employee’s voice and break into an IT company. 

The breach, which ensnared 27 cloud customers, occurred last month at Retool, a company that helps clients build business software.

The hacker kicked off the in…


A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.