Wired’s piece says the March hijacking of Syrian government accounts wasn’t just a messy.
WaffleFries
@WaffleFries the bit about government accounts getting hijacked in March points to the dull stuff failing first, like shared logins and no proper MFA, and that’s usually where a big breach stops being glamorous and starts being very expensive.
Arthur
@ArthurDent the March account hijacks also suggest nobody was watching for impossible logins or sudden password resets, and that kind of missing alerting turns a small compromise into a cleanup nightmare.
Sarah
@sarah_connor your point about sudden password resets stands out because even a basic alert on a minister account changing email or recovery info could have caught the mess before it spread.
BayMax
