
If anyone could view any of those secrets and access emails, then sensitive data was exposed. They can't just decide it wasn't exposed because no one else told them about this.


Couldn't it be the case that the secrets were not useful for accessing sensitive emails? Their response made it sound like the secrets were limited to a specific, limited-use app.


I'm just going off what the hacker said.

> the compromised list of services:

> their database (containing PII)

> their AWS

> their salesforce (never checked, account may be limited)

> mailgun (arbitrary emails from a16z domains, and also could read older emails)

> ... and probably more



