Comment by Qem
7 months ago
It was due to a contractor that sold his password for peanuts. Not much opacity here. They shoud stop relying on poorly paid outside contractors.
7 months ago
It was due to a contractor that sold his password for peanuts. Not much opacity here. They shoud stop relying on poorly paid outside contractors.
Yes, a developer for an upstream dependency sold their credentials and the attackers were able to use that to create transactions in client banks' Pix infrastructure.
> Not much opacity here.
I think a black box implemented by a third party that can steal your funds is the definition of opacity.
> They shoud stop relying on poorly paid outside contractors.
A great deal of financial software is written by poorly paid contractors, but it's rare that one set of credentials can introduce systematic risk to a financial system.
> They shoud stop relying on poorly paid outside contractors
Besides paying decent wages, they should get rid of single points of failure, being them silicon or meat based.