by crispair
619 days ago
I wonder how they got access to their database? I read in this thread that they likely used a supply chain attack by replacing some polyfill scripts. So they could've injected malicious code (XSS) that logged email and password to a remote server which they could have gone through. With a bit of luck they could've gotten access to an admin account or whatever…

Maybe they managed to convince some critical service like an SSL cert provider that they were the owners of the subdomain? I don't know, still wouldn't explain access to user and password database.