Raman Shalupau, on ksaitor.medium.com:
In this article, I’ll try to recreate the exact timeline of events, the damage, commentary on how this could have happened. I’ll also talk about a few moments that I don’t yet understand (mostly around 2FA) and hope my readers will be able to help me out.
Not much on how it happened, but good reminder that you need to constantly self-audit your security setup. Other than not using Chrome’s password manager, this is not an all too different setup than mine. Curious of wary he finds the attack vector was.