- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.
FIDO2 and security keys are the closest things we have to a solution. Unfortunately far too few companies support them. It would have saved him here because each credential only works with the proper URL for it.