this post was submitted on 11 Jul 2026
287 points (99.7% liked)

Privacy

4808 readers
179 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] ExLisper@lemmy.curiana.net 6 points 2 days ago

My guess is oauth. He basically used fake Microsoft account to access services during the hack and them used his actual microsoft account to access something else. He used VPN for the hack but he connected from his actual IP to the second service. The only thing linking those was the GID. So they figured out his actual IP address and checked other logins from this IP around the same time and found out his other accounts.