It says "He broke into the company's internal Slack messaging system ".
It does seem likely their approach is something along the lines of phishing or, given some of the other notes in the article, a combination of social engineering or stalking and blackmail...
I have a feeling a lot of these hacker groups that are heard about do very little code exploitation. I think a lot of it is: find info on employees of a company, maybe find their old social media accounts, maybe find some stuff they might not want their coworkers to ever know about or their spouses etc. And then harass and blackmail the employees for a way in.
If the news agencies were better at reporting, I think a lot of people would see these type of 'hackers' as less 'ooooh brilliant genius child like in the movies' and more 'straight up criminal harasser with no more skill than any normal software developer'.
The problem is that reporting the truth - "socially-awkward teens hacked their way into large companies by manipulating their idiot employees and exploiting lax security policies" would force many powerful people into answering uncomfortable questions and expose incompetence at many levels.
Keep in mind that at least one of the hacked companies (BT - British Telecom) is culturally relevant in the UK and sadly it is mostly considered as trusted and competent by the general non-technical population. Hell, they've even got a cybersecurity arm: https://www.globalservices.bt.com/en/solutions/security
It would be really inconvenient if it became common knowledge that all this perceived trust & competence was nothing more than smoke & mirrors and that some kids can blow right through it.
Therefore, there's a vested interest all the way up from the government to make the hack more sophisticated than it really is and the hacker a meaner monster than he is. That's also the reason behind the disproportionate sentence, despite similar phishing/social engineering/stalking crimes against the layman not being prosecuted at all.
It does seem likely their approach is something along the lines of phishing or, given some of the other notes in the article, a combination of social engineering or stalking and blackmail...
I have a feeling a lot of these hacker groups that are heard about do very little code exploitation. I think a lot of it is: find info on employees of a company, maybe find their old social media accounts, maybe find some stuff they might not want their coworkers to ever know about or their spouses etc. And then harass and blackmail the employees for a way in.
If the news agencies were better at reporting, I think a lot of people would see these type of 'hackers' as less 'ooooh brilliant genius child like in the movies' and more 'straight up criminal harasser with no more skill than any normal software developer'.