Brian Vallelunga
Podcast Appearances
And this is like the phone call for me where I was like, Oh shit, my life has just ended. Like from the highest, really, really quickly. Um, and I was really scared and, but like also kind of like, this is odd, like never bought anything from Mexico before. So like, okay. Um, and the back of my head, I was like, this is a scam probably.
But then they started rattling off all this information about me that they knew. All the places I had lived in the past, locations I had been to, like, just so, like, a wealth of information about me that I was like, no one could possibly know this but the government. And so, like, I trusted them. I was like, okay, I'm actually being investigated here.
And obviously we get lawyers on the call as well. Like, this becomes a really scary ordeal for all of us. And it wasn't until about like an hour in that our lawyers picked up that it wasn't that it was a scam. And but during that hour, we also gave them a whole lot more information about me. Right. Because we thought we were being investigated and they were asking questions.
And so like this is and like, again, I'm a CEO of a cybersecurity company. I'm trained on this. Our employees are trained on this. Our legal team is trained on this. And they still got us for an hour. Right. I can imagine everyday Joe who's not trained could really get attacked here.
And like, I was lucky that all they did was get a little bit more information about us, but they were able to get that information because of other information that got breached. Right. That bought them the credibility to get new information.
But imagine my mom, my sister, or anyone else like that who's not gone through any of that training, does not have legal counsel immediately readily available to them that can jump on the call for this. Oh my gosh, I cannot imagine all the information that would be given up and all of a sudden their bank accounts are drained or their credit score is completely ruined or whatever it may be.
Um, it can get really terrifying really fast. And that's why I come back to, like, whenever I see like a data breach and it's like x millions of people's data was just got out, it's like, wow, like scammers are now like parading in the streets going like, oh my gosh, I just got a ton of data that's going to get me so much more data that can eventually get me to like the jackpot of all this money or, or whatever they're trying to go after. Um, and so there's real people's lives, including mine, that have been impacted by this, and that is something that's like often not talked about at
And so when you're a developer and you're like, oh, should I put this in a new file or not? Or should I secure my secret? It's just one token. It's just a string. It's like, well, that string may impact a million people's lives someday. So to treat it right.
No, I think you're totally right. I mean, there's two common things that we see all the time. One is like some source code goes public or some email gets leaked and that has a secret in it to like an AWS account. And you'll see one or two things happen immediately.
The first is their bill just like skyrockets in seconds because now they're using AWS for some other bot attack or for mining crypto or whatever it may be. That happens very, very commonly. And it's surprisingly how fast those secrets get found. I think there was an average stat that it's within three to five seconds of a repo going public.