Service B: Incident two
Wednesday 5pm
You try to login to the service’s email account but it asks you for a 2-step verification code. You haven’t set this up and you don’t recognise the last digits of the mobile number it says the code has been sent to.
- Other staff say they can’t login either and nobody has setup 2-step verification on this account.
- You begin to receive phone calls from people who use the service. They are angry to have been sent emails demanding payment.
- Further calls come in from stakeholders warning that you are emailing malware out to people. You still have no access to your email account.