Couldn't it be the case that the secrets were not useful for accessing sensitive... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lazzlazzlazz on July 22, 2024 \| parent \| context \| favorite \| on: Researcher finds flaw in a16z website that exposed... Couldn't it be the case that the secrets were not useful for accessing sensitive emails? Their response made it sound like the secrets were limited to a specific, limit-used app.

Capricorn2481 on July 23, 2024 [–]

I'm just going off what the hacker said.

> the compromised list of services:

> their database (containing PII)

> their AWS

> their salesforce (never checked, account may be limited)

> mailgun (arbitrary emails from a16z domains, and also could read older emails)

> ... and probably more

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact