Brianna Wu · Jul 11, 2020 · 12:27 AM UTC

Brianna Wu

Brianna Wu @BriannaWu

11 Jul 2020

The password is 64 digits, randomly generated, and unique. And somehow they still got it. Google’s Titan Product just stopped my campaign emails from leaking. Take infosec seriously, everybody. If not for yourself, then for your colleagues.

161

717

3,516

Bil Corry · Jul 11, 2020 · 1:50 AM UTC

Bil Corry · Jul 11, 2020 · 1:50 AM UTC

Bil Corry @bilcorry

11 Jul 2020

Replying to @BriannaWu

Are you still able to log into it with your password? Curious if the password was reset somehow to a value the attacker knows.

Jul 11, 2020 · 1:50 AM UTC

Brianna Wu · Jul 11, 2020 · 3:25 AM UTC

Brianna Wu @BriannaWu

11 Jul 2020

Replying to @bilcorry

Yes, I could before I changed it.

Bil Corry · Jul 11, 2020 · 4:12 AM UTC

Bil Corry @bilcorry

11 Jul 2020

That doesn’t bode well, it means it was captured via phishing, sniffed via MitM, stolen via keylogger/malware, stolen from a place that has it stored, observed if you typed it in, or perhaps brute-forced. Regardless, that’s what 2FA is for, so congrats on excellent OpSec!

more replies

Coleen Coolidge ☀️🌻 · Jul 11, 2020 · 2:30 AM UTC

Coleen Coolidge ☀️🌻 @coleencoolidge

11 Jul 2020

Replying to @bilcorry @BriannaWu

Great point!!!