Thanks, I haven't read that yet. This is really concerning, I don't know why an employee has permission to get control of a user account. It's good that it is social media, but if this is an enterprise website...
Agreed. I think that's the ultimate lesson learned from this attack. The weakest link in your security is always the human; do not allow the tools you create to exploit this weakness any more than is necessary.
It'll be interesting to see how this plays out for them over the next few days/weeks.
So the lesson (or one of the lessons) is that their internal tools and their internal employees had way too many and powerful permissions granted to them. Oh, and (I saw this mentioned somewhere else) an internal employee doing something security/privacy sensitive should not be allowed to perform that task alone; there should always be someone else looking over their shoulder (4 eyes principle).