|
|
|
|
|
|
by rsaxvc
986 days ago
|
|
|
You're not wrong that this wasn't a sophisticated attack. What's disappointing is that it worked well at scale. > this attack could be done on literally any website. The issue is people re-used passwords, and also did not have 2fa enabled. While possible to execute at scale on some websites, this type of attack tends to be quite loud on the receiving end once appropriate metrics are selected for monitoring and alerting. > "We do not have any indication at this time that there has been a data security incident within our systems." They should probably work on that, given that those systems were used to extract their customer's data, and that they only noticed when their customer's data was being sold. Given how far behind they are on disclosure I'd guess they may have only found out from media inquiries. |
|
|