Hacker News new | past | comments | ask | show | jobs | submit login

All this lawyering over the definition of 'breach' is failing to see the forest for the trees. It is a breach of trust, even if not a breach of technical security controls.

I think there's a meaningful, non-definition difference - and in some ways it makes Facebook look worse.

Metaphorically, somebody had a gun, and someone else took that gun and used it to rob a bank. Equifax left the gun sitting visible in an unlocked car, and people are angry about the predictable results. Facebook was running a "borrow my gun" program for strangers, but had a clause saying "no using my gun for crimes, no lending my gun to any third parties". One of those strangers lent the gun to the robber, and Facebook is saying this isn't their problem because they said not to do that.

So yes, they're both bad outcomes. But "breach" usually means "this was stolen without our knowledge", and that's a very misleading impression to create here.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact