> I couldn't understand why the ex-Amazon cloud lead was also in charge of Slack. When he made all channels private and put a Slackbot in every channel to monitor conversations, I knew it was all over. I'm worried his Slackbot logs are part of the leak. Guy had his hands in everything :(

He did.... what? That sounds like straight out of a Dilbert comic.

I mean, I didn't necessarily agree with all of his methods or reasonings on everything, but I've come to realize a lot of times his hands were just as tied as ours. And the draconian surveillance stuff? Yeah, he was directed to do that. One guess by whom.

He was "in charge" because he convinced Robert that he was the right guy for the job by finding a security flaw that let him log into Robert's personal UniFi Protect setup at his home. At that point Robert basically gave him carte blanche, but also started directing him to lock everything down. More than a bit of paranoia there, in my opinion.

He was in charge of cloud when he "found" a way to forge Ubiquiti SSO logins for any user using his root access to the SSO signing secrets.

In the Krebs article the whistleblower calls out forging SSO logins as one of the things that was compromised. If the attacker is really an ex-employee like Ubiquiti says, then it's scary that the SSO signing keys aren't even being rotated after the account forgery stunt.

> Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

> Same guy who took over GitHub and forced everyone into his self hosted source control because he couldn't trust Github.

sounds smart to me. I wouldn't trust github either.