Originally Posted by
EvilDoctorK
You'd hope not , but I guess it might not be that surprising !
The interesting thing will for sure be finding out how they got that JS file up onto the main site domain .. it's a bit different to the ticketmaster hack in that respect
Yep - and an audit of access permissions would be interesting. Whether they had point of least privilege set up as an operational standard, across both people and systems, with appropriate review frequencies. I've seen some poor techniques from the big and small consultancies, and a true expert with appropriate levels of company seniority (either the consultancy or client) in this domain is essential - it tends to be seen as an overhead despite the huge fines which can now be levied.