The direct link to this post, can be found at the bottom of this page. If you are not a paid subscriber, you will not see it!
Hello guys, I'm back again from my self-ban. I usually ban myself because this forum is so interesting and distracts me. lol.
Anyway, in August 30, 2024, I have compromised some employees' accounts belonging to Sunrun, which is an American provider of photovoltaic systems and battery energy storage products, primarily for residential customers. The company has $2.1 billion in revenue.
Compromising the employees was really easy. All I needed was to parse a bunch of their corporate emails from other breaches and test them all. I found out that most of the employees had MFA active, so it was easy to gain unauthorized access by simply spamming push notifications. lol. Moreover, Sunrun has a really strong CyberSec team behind them, so they deserve applause. I was able to exfiltrate some documents from their Google Drives, which were automatically connected with the corporate login because they detected me so fast. Not gonna lie, nothing really amazing was taken.
File List: Redacted
P.S.: They disabled logins from their portal. lol.
