The hacker has put up the slides for the talk/demonstration here.
This would be of limited interest here but for the first bullet point on slide 10:
• Rclone.conf is a great target
It's not clear from the slides what it is that makes .rclone.conf a "great target" (beyond "plaintext creds") and I'm not really competent to guess, but others might be.
Actually the last slide gives a good summary - and it is 100% right :)
Be careful…
Seedboxes protect you from your ISP - but that is all they do.
Your data is still at risk. Your data can/will be found.
If you pay for illegal things don’t get mad when they are stolen.
Don’t expect admins who run seedboxes to know anything about security.
Don’t put API keys or passwords on seedboxes… you moron.
The FEDs could be doing these same attacks. I could see the real source IPs for all other users in last logs.
Lots of people used their same username on different providers.
Lots of people would tunnel data back to their home machine, or SSH to other boxes, like idiots.
Just to be clear: if someone has your rclone.conf they have access to your cloud account(s) in it.
Don't leave rclone.conf on your seedbox if you are not actively using it.
I use a plain text config, but limited to the user. The config is encrypted through the file system anyway.
It would be nice to decrypt the config file once per session, instead of typing the password at every command - that's the main reason I do not use config protection.
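Added example, not part of the thread and not rclone's own code: a small audit that reports what the posts above are concerned with, namely whether an rclone.conf is readable beyond its owner, whether it carries the `RCLONE_ENCRYPT_V0:` header of a password-protected config, and which remotes hold credentials in the clear. The `SECRET_KEYS` list, the function names and the sample configs are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import sys

ENCRYPTED_MARKER = "RCLONE_ENCRYPT_V0:"  # header line of a password-protected rclone config
# Option names that hold credentials in common backends (assumed, non-exhaustive list).
SECRET_KEYS = {"token", "client_secret", "secret_access_key", "pass", "password", "key"}

# Constructed sample configs; every value is a placeholder.
SAMPLE_PLAIN = """[gdrive]
type = drive
client_secret = CONSTRUCTED-SECRET
token = {"access_token":"CONSTRUCTED","expiry":"2030-01-01T00:00:00Z"}

[home]
type = sftp
host = sftp.example.invalid
pass = CONSTRUCTED-OBSCURED-VALUE
"""
SAMPLE_ENCRYPTED = "# Encrypted rclone configuration File\n\nRCLONE_ENCRYPT_V0:\nQ09OU1RSVUNURUQ=\n"

def write_sample(path, text, mode):
    """Write a sample config with an explicit permission mode."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)

def audit_rclone_conf(path):
    """Return a list of findings for one rclone config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: accessible to group/other, not only the owner")
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    if any(line.strip() == ENCRYPTED_MARKER for line in text.splitlines()):
        return findings  # encrypted: remotes cannot be read without the config password
    findings.append("config is not encrypted (no RCLONE_ENCRYPT_V0: header)")
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(text)
    for remote in parser.sections():
        # Obscured values such as sftp "pass" are reversible, so they count as exposed.
        exposed = sorted(k for k, v in parser[remote].items() if k in SECRET_KEYS and v)
        if exposed:
            findings.append(f"remote [{remote}] stores credentials in: {', '.join(exposed)}")
    return findings

if __name__ == "__main__":
    for conf in sys.argv[1:]:
        for finding in audit_rclone_conf(conf) or ["no findings"]:
            print(f"{conf}: {finding}")
```

Run it with the path to a config file as the argument; a file that is owner-only and encrypted produces no findings.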