I wouldn't be so sure no one would hack an idle account. I had my Spotify account taken before I even used it. I think in my case they used my account to pump up other lesser-known artists.
Okay, sure. But if we have an account which has never had any legitimate activity on it ever - an account that has only ever been used to push malware - then I don't know if it matters much who is the "rightful owner" of the account. Things would be different if the GitHub account had some legitimate activity before the "hack".
The person who created the custom node is the same person who "hacked" it. Whether or not the account is technically owned by some unrelated civilian is not important, because there is no other activity on the account.