Another massive hacking operation, in which "1.2 billion user name and password combinations and more than 500 million email addresses" were stolen "from 420,000 websites," has been discovered, but we can't know about it, because there are still security vulnerabilities.
Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

I mean, I'm pretty sure there's a way to let people know their shit has been stolen besides a public announcement, right? YOU'VE GOT OUR EMAILS.

I get that changing one's password while there's still a vulnerability is pretty useless, but it does give people the opportunity to protect themselves a little better—pay closer attention to their accounts, remove any stored credit card info, etc.

Of course, I also get that corporate PR is the priority here, not people's lives getting fucked with.

Shakesville is run as a safe space. First-time commenters: Please read Shakesville's Commenting Policy and Feminism 101 Section before commenting. We also do lots of in-thread moderation, so we ask that everyone read the entirety of any thread before commenting, to ensure compliance with any in-thread moderation. Thank you.

blog comments powered by Disqus