Not sure how much #AquaSecurity has cost the software industry by not rotating their keys after already being exploited - but at the time of posting there are at least 188 people in an internal channel related to their repos being exposed, and that's just our part of IKEA. I'd estimate for us it's at least €150k-€200k just for today wasted because the entire software industry seems to treat security as 'something to be done' instead of at the heart of everything we do. #trivy #secOps
@tanepiper AFAIK, they apparently DID rotate their secrets at the time, but somehow messed up and the attacker could have access to the new secrets.
@tanepiper unfortunately they are firmly in third strike territory now. Whether it's just incompetence and not active malice is now entirely irrelevant. Tomorrow I'll be switching to something else.