I received an email from tardigrade stating that somebody was trying out username/password combinations in an attempt to gain access to tardigrade accounts.
This got me wondering. What could an attacker hypothetically do if they did successfully gain access to my account? What information would be made available to them? Why would they want access to an account? So they could get free storage?
From what I can tell the only information about my stored data that is accessible is the bucket names along with the total size of the data and the number of objects stored in it.
API key names are displayed along with an option to delete the API key. If an attacker deleted an API key from the website, would anything happen to my stored data or my ability to access it? if no, what is this delete feature for?