[daneel_w]

> "...and found no history of abuse..."

Because they didn't have enough logging or auditing to start with, or no logs or audit data left since the hack.

[tuetuopay]

from what I can gather from the post, the specific attack vector using "retry unauthorized requests until they are" is very easy to spot in logs. so even the most basic log policy that logs the path, ip, and status code is enough (i.e. default in most web servers and frameworks)

[redbar0n]

«Absence of evidence is not evidence of absence», seems to apply here.

[JKCalhoun]

Or they lied.

I mean, if you think about it from Cox's point of view — why would you disclose to someone outside the company if there had been history of abuse? Why would you disclose anything at all in fact?