
Matrix.org hacked, hacker posts helpful issues in their GitHub - bifrost
https://github.com/matrix-org/matrix.org/issues/371
======
bifrost
If you read through the issues, you'll find they made some pretty basic
mistakes.

1) They checked credentials into public GitHub

2) They left their perimiter unguarded and the hackers leveraged their CI
system.

3) Hackers leveraged their Ansible setup to propagate creds

4) No SIEM/IDS

5) Poor key control

6) No 2FA

ouch.

