Hindsight is a bitch. Of course using 2-factor auth was the way to go, of course offsite backups have to really be "off site" (and not available to anyone with access to AWS control panel to delete), etc, etc, etc.
Now there are many "of courses" for the owners (that external people already knew, but it doesn't help their situation). It seems that for them these things weren't so obvious as they are now... the unknown unknowns.
Sad story but I'd call lessons learned for them, no news for the rest of the Internet.
Now there are many "of courses" for the owners (that external people already knew, but it doesn't help their situation). It seems that for them these things weren't so obvious as they are now... the unknown unknowns.
Sad story but I'd call lessons learned for them, no news for the rest of the Internet.