Well, this certainly isn't what I expected to be talking about this week! But I think the fact it was someone most people didn't expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot of "if it can happen to Troy, it can happen to anyone" sort of commentary and whilst it feels a bit of obnoxious for me to be saying it that way, I appreciate the sentiment and the awareness it drives. It sucked, but I'm going to make damn sure we get a lot of mileage out of this incident as an industry. I've no doubt whatsoever this is a net-positive event that will do way more good than harm. On that note, stay tuned for the promised "Passkeys for Normal People" blog post, I hope to be talking about that in next week's video (travel schedule permitting). For now, here's the full rundown of how I got phished:
References
- Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
- I obviously didn't like being on the receiving end of this, but I reckon 34 minutes from pwned to public disclosure is a new record 😊 (this is what I'm going to be driving organisations towards in many future data breach cases)
- Despite me falling for something I should have spotted, the public response and press had been outstandingly positive (that's a piece from this week's sponsor, I felt their writeup summed things up nicely)