Oh noooo, 1% of their yearly gross revenue or 1.3% of their yearly gross profit. What a fine!

Side note: I would love to discover a public record of them paying these fines… we hear they ate fined, but never that they had to pay them. What is stopping them from cutting a deal of a payment plan over 20 years with 0% interest or full up front but only paying 30% of it or some lobbying BS.

We can infer that for sure this fine is coming out pre-tax.

CGNAT would throw a wrench in that when you have thousands of users using mobile data and they appear to be coming from the same ip.

It may be reasonable to block all logins for a time if they detect an attack like this

That would be a P1 incident and probably violate SLAs depending on the duration.

real names is definitely a breach

Oooh that’s pretty bad

all the root secrets are available in plain text the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection

I cannot think of a use-case outside of statecraft. Maybe companies engaged, or being engaged, in corporate espionage.

mine works for my personal google account, work one is sso and doesn’t have it enabled. otherwise gh, aws, auh0 support it, I’m forgetting some others I use. beyond that you can generate 2fa codes too

I use yubikey everywhere it’s available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

But today, it’s usually as simple, or simpler, than TOTP.

So it might be worth trying again. I’d use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you’re into that.

I just wish YubiKey could store more than like 30 TOTP tokens.

Setting up: https://www.yubico.com/setup/yubikey-5-series/

Supported services: https://www.yubico.com/works-with-yubikey/catalog/

Google Accounts (for your gmail): https://www.yubico.com/works-with-yubikey/catalog/google-accounts/

I use mine with AWS.

Sounds like a skill issue.

Have had yubikey for a few years. It was a pain to set it up initially, but it took me less than an hour if I remember correctly. Since then the only issue I have is that sometimes I accidentally bump into it and it pastes an OTK to a random place.

It is a foot in the door but honestly there are way too many doors out there so it’s really hard to measure the real damage of this.

I worked at a pretty major employment company like 20 years ago when basically everything was legal and we didn’t need to buy dark web datasets to find real names and contacts ever - most of that data is publicly available and can be captured with simple public scrapers and email checks.

I think expectation of names and emails being private should be thrown out of the window entirely and every security system should implicitly assume these details are publicly known.

Except this contains none of that

Of course, but where are names, physical addresses, DoB, SSN, etc in this dataset? It’s just mail and username

Bring your own domain! I use addy.io with my own domains.

Been using this for years and it works fine 99% of the time.

You can add your custom domain to it if you wish

I’ve just gone over 200 aliases and none of mine are blocked. Are you using a custom domain?

I found a .com domain helps with this. You can find some ugly ones for cheap

Ebay blocks me everytime. I checkout as guest and usually when I try to order from the same email again, it is indefinitely suspended for reasons they cannot explain to me.

Here is what you should have done. Get a cheap ass domain and signup for Zoho’s email service which is totally free. I bought a cheap domain from them. The price is very reasonable. Then AI proceeded to make use of their free email suite service, which requires your custom domain (hence the cheap domain purchase). The free email suite gives you give free email accounts. Each email account in turn has unlimited alias feature. I use their email accounts each for different uses (work, social media, etc). For only 10$ a year, I do not suffer from spam, promotions and shit. I use a dedicated alias for cookiebeggars and registration mofos who won’t let you see their content. Another alias for a pathetic spamming shopping site etc. They have a mail client for all platforms so no issue with accessibility. The email has calendar, bookmarking, note taking and other small managerial stuff too. I recomend this approach.

It’s never too late. Give it a try. With the 10 free emails you can compartmentalize pretty easily. I pay for Proton Unlimited so it comes with SimpleLogin Premium, so if you want to give it a spin, it doesn’t cost anything.

It’s a breach. Name and username should not be publically accessible using the email address alone.

☹️

If info was not public available, would call that „leaked“.

327 CVE entries for atlassian. Lots of critical and high severity ones too. Dont use anything by atlassian, unless you want your company getting ransomwared.

https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=atlassian&search_type=all&isCpeNameSearch=false

Meh. More they’re swimming with big fish for about a decade or more now.

It’s not that they’re bad, it’s that their priorities have shifted and they don’t care.

Kanban was actually developed by an engineer at Toyota to be used to help organize and plan tasks on the assembly line. It’s not strictly a development tool.

To add to the other users comment about it not being strictly a tech tool. Many people are using it to keep track of their New Year Resolutions :D. 🎊 Happy New Year

I have an active account and it also didn’t pop up in pwned.