[andrewguenther]

Even worse, they got AccessDenied when making that request and then extrapolated that they have access to $everything

[stingraycharles]

That’s ridiculous, it’s entirely possible that these are one-time credentials for a single purpose and/or severely limited in scope.

Not saying that it’s a certainty it’s not, but if you make such a claim, you should better have some evidence to back it up.