

Password Breach? That'll Be $172,000,000 Please - chunsaker
https://www.stormpath.com/blog/password-breach-thatll-be-172000000-please

======
shaggyfrog
> That $400k is nothing compared to the total cost. Sony reported an estimated
> outlay of $171M for insurance, customer support, and rebuilding their user
> management and security systems. Since the breach, partially due to a drop
> in customer confidence, Sony’s stock price has dropped from $30 to $13.

Post hoc ergo propter hoc.

------
michaelhoffman
Part of the $172 million Sony reports includes "rebuilding their user
management and security systems." But having satisfactory user management and
security systems in the first place is what would have allowed them to avoid
such an attack. It's not an _extra_ cost from failing to engineer things
correctly; it's the cost of engineering things correctly.

~~~
pavel_lishin
Good point; the extra cost is what they paid to develop the original poorly
designed systems. (I wonder how much that was?)

------
expralitemonk
Sounds like a great reason to form an LLC for any software endeavor.

~~~
eurleif
Most of the costs mentioned here are business costs, not legal liability. And
I doubt a small developer would get a $400k fine for a password breach.

------
brennenHN
This is why we're storing important user credentials on a user's phone instead
of all on a central server! (<https://clef.io>)

~~~
chunsaker
What happens if your phone gets stolen?

~~~
dasil003
0.0000014286% of the damage that happens when Sony's database gets hacked
(assuming equal payload).

~~~
dmix
As a consumer though, I could change my password on a server if it gets
stolen. But how would I reset it after my phone was stolen if authentication
is all stored client side?

