1 - Don't be on-call while going to ski

2 - fail2ban and other automated systems can do this for you

3 - Passwords suck and are typically not regularly rotated unless you're using some centralized IdP

If you're in this situation you have already failed. If you use password auth use 2FA as well, and then I don't cry, it's just toil though.

For their computer to resolve this domain name, it's going to call out to a DNS server, of which Google hosts a major one. It can be assumed that they log these names, and can then use that as a "notification" for a site coming up.

Really egregious is taking the sales data. Business analytics around leads, customer satisfaction, pricing, etc are not the same as retaining general knowledge. If you left and remember the point of contact you had at a customer, that's allowed (barring non-solicitation agreements). If you leave and you take a list of customers, data that the business has generated about them, etc, that was never yours and it's not your knowledge. It's clearly the business's and there's usually dozens of people involved in the creation. That's clearly theft, especially since it was never yours to begin with.

- Founder publishing a private protocol definition to help in building for it

- Sales staff sending account and prospect info to their new cribl email addresses before leaving Splunk

- Engineers leaving Splunk with technical specifications, such as their newer S2S protocol versions

The patent stuff is kind of whatever, but all three of those items would be enough to establish some very clear damages. Cribls an exciting new player but they can't take shortcuts like this, if the allegations are founded.