by vertex-four
3260 days ago
> These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).

This makes no sense - how did the attacker get between gandi.net and their technical partner in order to MITM them? MITMs aren't magic - simply sending an unencrypted password somewhere doesn't result in it becoming public knowledge unless a router or switch in the path is malicious.

Off the top of my head, BGP hijacking perhaps?

> MITMs aren't magic

No. But do not trust the network. Ever.