Any clues what this was trying to do? I suppose we have to wait for Google to publicise what went on once OAuth had been granted.

My guess spreading + password resets + searching for files that can be downloaded/later used for crypto blackmail?

I think we are going to see some of the worst large scale ransom attempts shortly. They also timed it perfectly afternoon on hump day when everyone in USA is just getting ready for / back from lunch.

Working here. Try a non-US VPN if you want to stop doing work again.

Ran my VPN ansible script on a London-based VPS. I'm back to not working!

DYN is experiencing a DDoS

https://www.dynstatus.com/incidents/nlr4yrr162t8

Yep. Seems to be the root of the problem.

This would be appreciated here too. The functionality is great but it feels unnatural where it's currently positioned.