[foxtrottbravo]

Adding insult to injury is the last Paragraph I actually missed:

> If companies like microsoft, facebook, twitter, nintendo or zoom can get hacked, what are our chances as a tiny team to not endup getting attacked ?

It's not about them getting attacked but they weren't the target of a three letter agency Throwing weaponized 0days their way either.

Anything that is remotely considered best practice would have helped:

Like having strong passwords for the "SuperAdmin" account that was compromised. It's called SuperAdmin for a reason don't you think?

Not using unsalted hashes in the first place?

Investing some of your ad revenue in making security updates to a system that was already bad the second it was conceived?

Their whole statement is insulting