TL;DR - they detected the hack by centralizing, correlating, and monitoring their logs. Am I right?
This tweet is unavailable
1
4
Replying to @MalwareJake
Which is not to say that log centralization/monitoring is a bad idea. It's "IT 101".

Oct 20, 2016 · 7:42 PM UTC

1
1
Replying to @hal_pomeranz
No. But "we centralized logs and found an intrusion" isn't a feature story you'll see me tweeting about...
1
Actually, you did tweet about it. </snark>
1
2