I should have been collecting the receipts on a rolling basis; chatter at the time for multiple of these was "deploying fast now for highest risk, doing the rest in a more controlled fashion after".
Thinking of:<li><p>npm ("encouraging FIDO2", anyway)</p></li><li><p>T-Mobile - <a href="https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation"; target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">t-mobile.com/news/network/addi</span><span class="invisible">tional-information-regarding-2021-cyberattack-investigation</span></a></p></li><li><p>Twitter - <a href="https://blog.x.com/engineering/en_us/topics/insights/2021/how-we-rolled-out-security-keys-at-twitter"; target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">blog.x.com/engineering/en_us/t</span><span class="invisible">opics/insights/2021/how-we-rolled-out-security-keys-at-twitter</span></a></p></li>
And probably:<li><p>Uber ("further strengthening our MFA", reading between the lines for 2022 breach and 2023 deployment) - <a href="https://www.uber.com/newsroom/security-update/"; target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">uber.com/newsroom/security-upd</span><span class="invisible">ate/</span></a></p></li><li><p>Discord (again, reading between the lines - 2023 breach, 2025 deployment)</p></li><li><p>eBay (public evidence is thinner here, but I got a couple of confidential reports)</p></li>
And a couple "we could see the writing on the wall" (they get points for that):<li><p>Google (2017) - <a href="https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/"; target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2018/07/go</span><span class="invisible">ogle-security-keys-neutralized-employee-phishing/</span></a></p></li><li><p>Cloudflare - <a href="https://blog.cloudflare.com/how-cloudflare-implemented-fido2-and-zero-trust/"; target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/how-cloudf</span><span class="invisible">lare-implemented-fido2-and-zero-trust/</span></a></p></li>
Royce Williams
npub1d9…v7m3z
2025-09-23 20:17:18 UTC
in reply to nevent1q…xwsm
Author Public Key
npub1d9j86kugzarj4skw6juglk2de6mful9svqu8yac6vum5wz5xtcwsyv7m3zSeen on
wss://relay.momostr.pinkPublished at
2025-09-23 20:17:18 UTCEvent JSON
{
"id": "2a3e2cca19684cb26371f973f5ab4c10ff3d70f8310edcb33bd8ec1d47e93803",
"pubkey": "69647d5b8817472ac2ced4b88fd94dceb69e7cb0603872771a6737470a865e1d",
"created_at": 1758658638,
"kind": 1,
"tags": [
[
"p",
"fe31a74ce7a735689686a4a8bdb765a8f4db945d91b67412c75058a82a51cffd"
],
[
"e",
"b6d0e2bcb201d26588322a3d20c5de4200b9aed4696f32c149f923b0216d2620",
"",
"root",
"69647d5b8817472ac2ced4b88fd94dceb69e7cb0603872771a6737470a865e1d"
],
[
"p",
"69647d5b8817472ac2ced4b88fd94dceb69e7cb0603872771a6737470a865e1d"
],
[
"proxy",
"https://infosec.exchange/@tychotithonus/115255452530551011",
"web"
],
[
"e",
"10af5efd431a8cadf08f3a097f8688407c05858eac678a69c6ac2395ed0522cf",
"",
"reply",
"fe31a74ce7a735689686a4a8bdb765a8f4db945d91b67412c75058a82a51cffd"
],
[
"proxy",
"https://infosec.exchange/users/tychotithonus/statuses/115255452530551011",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/tychotithonus/statuses/115255452530551011",
"pink.momostr"
],
[
"-"
]
],
"content": "I should have been collecting the receipts on a rolling basis; chatter at the time for multiple of these was \"deploying fast now for highest risk, doing the rest in a more controlled fashion after\".\n\nThinking of:\u003cli\u003e\u003cp\u003enpm (\"encouraging FIDO2\", anyway)\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eT-Mobile - \u003ca href=\"https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://www.\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003et-mobile.com/news/network/addi\u003c/span\u003e\u003cspan class=\"invisible\"\u003etional-information-regarding-2021-cyberattack-investigation\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eTwitter - \u003ca href=\"https://blog.x.com/engineering/en_us/topics/insights/2021/how-we-rolled-out-security-keys-at-twitter\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003eblog.x.com/engineering/en_us/t\u003c/span\u003e\u003cspan class=\"invisible\"\u003eopics/insights/2021/how-we-rolled-out-security-keys-at-twitter\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\n\nAnd probably:\u003cli\u003e\u003cp\u003eUber (\"further strengthening our MFA\", reading between the lines for 2022 breach and 2023 deployment) - \u003ca href=\"https://www.uber.com/newsroom/security-update/\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://www.\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003euber.com/newsroom/security-upd\u003c/span\u003e\u003cspan class=\"invisible\"\u003eate/\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eDiscord (again, reading between the lines - 2023 breach, 2025 deployment)\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eeBay (public evidence is thinner here, but I got a couple of confidential reports)\u003c/p\u003e\u003c/li\u003e\n\nAnd a couple \"we could see the writing on the wall\" (they get points for that):\u003cli\u003e\u003cp\u003eGoogle (2017) - \u003ca href=\"https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003ekrebsonsecurity.com/2018/07/go\u003c/span\u003e\u003cspan class=\"invisible\"\u003eogle-security-keys-neutralized-employee-phishing/\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eCloudflare - \u003ca href=\"https://blog.cloudflare.com/how-cloudflare-implemented-fido2-and-zero-trust/\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003eblog.cloudflare.com/how-cloudf\u003c/span\u003e\u003cspan class=\"invisible\"\u003elare-implemented-fido2-and-zero-trust/\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e",
"sig": "47ef8e5839187f5752b4d82d3de045744765fa8e9eef9ea5f485791f27a6fe6a3ebc1dd099ac9d5cc4f0ada289ccd4f804a4eff3537835dee7b2b7e577080412"
}