by matthewdrussell 3722 days ago
Also let me reiterate this is an isolated event. We handle over 10,000 chat sessions every day without a glitch. I invite people to use our live chat service and see what is and what is not possible, as well as the security precautions we have in place.

> Also let me reiterate this is an isolated event. We handle over 10,000 chat sessions every day without a glitch.

What do you use to tell whether a chat session is a genuine user or someone successfully using a social engineering attack against your chat operatives? If the answer is "nothing" then you can't know if this is an isolated event or how many of your chat sessions go without a glitch.

There are identification methods requested via chat. Matt invited you to try it. Go for it.

Parent's point was, how do you tell whether or not your rep was socially engineered? Only some mistakes get complained about. If you don't have such a method then your "10000 sessions a day without a problem" number is fantasy.

We don't need to try. A hacker already did and was successful.

>Also let me reiterate this is an isolated event.

Is it? Does that mean that my ability to reset your users' solusvm passwords with or without 2fa constitutes as a 1337 0day?

Hey BTW, remember that time you got hacked through your support site and didn't tell anyone?

Have you considered making this something that can't be done manually?

First off, I can social engineer one of your staff. Regardless of how much you train them. I could also bribe your staff or try to get you to hire a plant. Yeah, that last one is far-fetched, but just making a point that as long as someone can manually do these things, someone will.