1. Google not providing end-to-end, two-factor, encryption of email. Meaning access to the password was access to the entire corpus. ProtonMail and a few other startups (I've recently created a PM account, otherwise no affiliation) are offering at least E2E email crypto.
2. Google's identity protections failed to detect the phishing attempt and illicit access. This for an exceptionally high-profile account.
Data are liability.
"Who are you?" is the most expensive question in information technology. No matter how you get it wrong, you, or rather, we all, are fucked.