• spookedbyroaches@lemm.ee
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    1 year ago

    Just because this method is a subset of the brute force attack doesn’t mean that they don’t have request limiting. They are reusing known breached passwords from other platforms, which makes it basically a guarantee that they will get the right password if they don’t use a password manager. Their computer systems are secure, it’s just their business model that’s a privacy nightmare.

    • doppelgangmember@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I mean true, there’s nothing you can do with a successful attempt.

      But i feel like this still could have been limited. Required 2FA obvi comes to mind… You can limit rate in a lot of ways.