independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, weren’t properly secured behind the company’s Cloudflare DDoS protection and were publicly visible. As a result, attackers could target them directly
oops
That dude was a special kind of stupid. The attack script had his name on it, usee his account status as the trigger, and was running from his laptop. It attacked other peoples profiles and was extremely explicit in being designed to revenge his firing.
There are for sure idiots in infosec, but when your job is working to close holes and gaps, it gets pretty easy to learn what to “forget” about if you want to cause devastation in a deniable way. There are so, so many ways to fuck this job up, doing it on purpose would be a cake walk.