undefined | Better HN

0 pointsshkkmo3y ago0 comments

I meant the major breach before this one, I believe that was the one that gave attackers access to their dev environment, which they used to steal the developer credentials they used to make this attack.

0 comments

tinco3y ago

I don't agree that was enough of a reason to drop them. An attacker getting access to your dev environment, even if you're one of the largest security focus endeavours, is pretty much an inevitability. Someone's gonna get access to one of your engineers macbooks, no matter what.

The thing that's bad, is that apparently their developers have access to (backups off) production data. That implies that their security infrastructure is not different from regular startups at all so all of their marketing is just bullshit. They didn't sacrifice developer productivity for security on this point, so they can't be trusted to have sacrificed anything for security at any point.

j / k navigate · click thread line to collapse

0 pointsshkkmo3y ago0 comments

0 comments

tinco3y ago

j / k navigate · click thread line to collapse