- The bruteforcer activity was noticed and prevented (via an IP ban) after approx 1½ days and a little less than 3 million requests to `/whoami`, but that was enough to bruteforce the top accounts — I gathered 35 accounts using this bruteforce before my IP got blocked, totaling approx 151 000 000 package downloads per month (69% of the total bruteforce impact). I could have continued from another IP, but I notified npm at that point and coordinated with them — one of the initial questions was how fast they would notice the attack. Since then, those endpoints have become better monitored, and I was notified that a stricter ratelimit is now imposed. Note that a real attacker [would have started](#qa) by checking leaked credentials, and would have been able to gather most if not all of the high-impact accounts in that time.