- cross-posted to:
- pulse_of_truth
- cross-posted to:
- pulse_of_truth
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
And that’s why privacy people are against age verification and other verification methods that store your personal data. Idiots like this or underpaid government employees are unqualified to protect it. And they can’t leak what they don’t have.
There’s a book I really like in which they have to kiss their devices since all other used biometrics are already publicly available… through breaches.
inadvertently published the passwords to its back-end database
I hate this use of the word “inadvertently”. It’s meant to describe a situation where someone who has caused harm could not have reasonably known the consequence of his actions. For example, parents who fed their children tainted apple sauce inadvertently poisoned their children. In theory they could have done their own chemical analysis, but it’s not reasonable to personally test all food for lead.
This password was not published “inadvertently”. The company could have and should have avoided doing so. The right word is “carelessly”. They deserve blame.
(If you want to avoid making the company angry at you then at least say “accidentally” and leave the question of blame unanswered.)