

How Reuters got compromised by the Syrian Electronic Army - Hoff
https://medium.com/@FredericJacobs/6bf570e1a85b

======
apaprocki
What's more plausible -- Google 2-factor was disabled, or a user re-used the
same login/password on a site without 2-factor? Passwords will be with us for
a long time to come. Employers should buy employees 1Password or equivalent
for their own safety and require long unique random strings for every 3rd
party account. Employers can control that somewhat but can't force vendors to
implement 2-factor.

------
matheusbn
[TL;DR]

It wasn't a problem inside Reuters, but with their 3rd-party provider (called
Taboola), which injects ads on Reuters. So once Taboola was hacked, the ads
system started injecting a script to redirect that page to another one.

Finally: Be careful with those 3rd-party ad tools, etc.

