top | item 38857587

(no title)

TheCapn | 2 years ago

Would be interesting to know how they were testing authentication. Were they using a botnet of any sort? Otherwise for every "valid" user/pass combo from an external leak they tested there'd be several failures. A single (or multiple) hosts smashing auth attempts should raise flags. They didn't "Brute force" one user account at a time, but they did brute force the authentication system in general.

discuss

dpkonofa|2 years ago

The current info that's been released seems to indicate that they used a botnet over the course of several months and had access to the "last known login location". So there wasn't any "smashing" happening and no "you're signing in from a different location" blocks either.