A case study in why credentials are revoked before firings.
Update: The company that employed the brothers went unnamed in court documents but was identified in the press as Opexus. An eagle-eyed Ars reader points out that, back in December, the company gave a series of quotes to Cyberscoop about the entire incident. Though Opexus did background checks, the company admitted that “additional diligence should have been applied,” it acknowledged that “the terminations were not handled in an appropriate manner,” and it said that “the individuals responsible for hiring the twins are no longer employed by Opexus.” Clearly, the failure here was all-encompassing.
I remember working at a TV station where I got caught in a round of layoffs. Most of us they told in advance, that our last day would be in six weeks, but they laid off an engineer at a smaller station and had him gone immediately. They also deleted his account that day, and that’s when they discovered he was running a lot of station processes through his own account. I think it took the corporate engineers a week to get everything back to a fully operational state.
Yeah, so many git credentials are tied to the account that created them.
I do something like this at my workplace. I guess it gives me leverage, but the main reason is that my boss drags his heels so much when I try to improve the workflow that it’s easier for me to just crack on without his knowledge.
Apparently this is common enough that there is a term for it.
That was a wild read. Glad they got caught, who knows what scheme they had for the guns.
Good reason to have an AI agent ready to go actually.
So they could delete the backups as well? Great idea!
We’ve definitely never seen that backfire at all in recent history…
