Midnight blizzard

• password spray attack

Crowdstrike

• Ops also need to be tested: dev testing, rollback testing

Storm-0558

• long lived token signing key
• out-of-dated token validation logic
• non-standard AuthN pattern
• not able to revoke centrally
• excessive app permission
• Secrets across boundaries