my immediate reaction when hearing their explanation was that their entire infrastructure must be completely fucked and that the admission alone would prevent them from operating… anywhere. they effectively confessed to failing every basic security principle there is and as a result they can not be trusted with any data whatsoever without a thorough, independent audit.
like, if this was actually an “unknown actor” we would either have gotten a cve number and 90 day grace period, or a complete shutdown and an animated ascii skull. the entire way they went about this shows their entire operation is untrustworthy, and the fact that they’re apparently not seeing that makes it even worse.
my immediate reaction when hearing their explanation was that their entire infrastructure must be completely fucked and that the admission alone would prevent them from operating… anywhere. they effectively confessed to failing every basic security principle there is and as a result they can not be trusted with any data whatsoever without a thorough, independent audit.
like, if this was actually an “unknown actor” we would either have gotten a cve number and 90 day grace period, or a complete shutdown and an animated ascii skull. the entire way they went about this shows their entire operation is untrustworthy, and the fact that they’re apparently not seeing that makes it even worse.