I know many people who are fascinated by the hack of San Francisco’s MUNI. I’m far more fascinated by the white-hat battles against the hacker, which may have resulted in breaching the miscreant’s email accounts. From Brian Krebs:
On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same firstname.lastname@example.org inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for email@example.com shows that it was tied to a backup email address, firstname.lastname@example.org, which also was protected by the same secret question and answer.