[ggreer]

You can see the resolution of the cameras in some of the account's other tweets. It's not high enough to see information on the screen. Watching keyboard inputs might be possible, but even then I doubt the framerate is high enough to get all the keys.

More importantly: at most companies, accessing sensitive systems requires more than just a username and password. Pretty much every place requires TOTP or HOTP, often via a hardware token. Many firms also restrict access to specific machines.

[kentonv]

Pretty much everything at Cloudflare requires, at the very least, a physical security key (e.g. yubikey) to get access.

[kadoban]

Yeah 2fa is a good point. You'd really hope that anything important would require it, but not sure that's universally true. Social engineering attacks become a lot easier possibly, 2fa tends to need to be overridden a lot because people lose their tokens.

I didn't see the low res cameras, that should make it harder. I wouldn't be surprised if AI or tedium (view each frame, guess and check, etc.) could still get you passwords, but yeah it's starting to sound like more of a stretch. If the cameras have sound that should help get creds too.