Quote:
Originally Posted by SmokeyTheBear
they did notice it ages ago , they neglected to investigate further when they obviously should have.
did they understand this was a system wide breach ? perhaps not .
should they have ? yes.
|
See thats the thing that doesn't make sense to me.
Fact: we know it was a password list that was obtained from TMM some kind of way, either a server hack, someone leaked the info, etc... some kind of way their admin account info for every client was released.
They say they noticed "this" problem months ago but thought it was isolated and they thought they fixed it.
Question: If you noticed that a few clients were having someone accessing their servers using your NATS admin account info, why the hell didn't you check all of your client's servers that you have access to.
Most likely answer: John probably blammed each of the people affected months ago and passed it off as their servers were hacked. I would bet he didn't think the problem was on his end so he didn't bother to take a couple mins to randomly start logging into clients servers to see if NATS admin accounts were accessing those servers 10x a day. He said this much in the first couple threads posted here a couple weeks ago. he siad the most likely answer was that the clients server was hacked.
If i am wrong please explain to me what I am missing here.