@hetmehtaa: my company got breached the attacker had access for 11 days on day 3 he emailed our IT helpdesk complained that the VPN…
Summary
A humorous yet alarming account of a company breach in which the attacker had access for 11 days. On day 3 the attacker emailed the IT helpdesk to complain that the VPN was slow; the helpdesk reset the password, upgraded the access tier and closed the ticket as resolved. The attacker rated IT support 5 stars, which the company found in the logs during forensics.
Cached at: 05/18/26, 04:33 PM
my company got breached
the attacker had access for 11 days
on day 3 he emailed our IT helpdesk complained that the VPN was slow
our helpdesk reset his password upgraded his access tier to fix the “connectivity issue”
and closed the ticket as resolved
CSAT score: 5 stars
we found this in the logs during forensics
the attacker had rated our IT support excellent