He looked in the window of a car and saw tons of users' personal information -- visible through the window! Any criminal could walk by and copy the info, privately, without anyone knowing. Maybe some criminals already have.
I think the important thing we miss with car/physical crime analogies is that cybercrime can be so invisible. Nothing is missing, nothing is taken... but users private data is lost. So if an organization is doing something terribly naive like publishing passwords to userdata in plaintext... it's disgusting for our society to punish the wrong people, the people pointing out the flaws rather than the ones who cause them. All the really malicious entities came and went and will never be caught.
They put private information into a JSON file accessible by an HTTPS GET, the only password being one that they put in plaintext onto everyone's phones.
My analogy: They put the private information onto a billboard, but you can only see the billboard from a particular vantage point in a public park.
I think the important thing we miss with car/physical crime analogies is that cybercrime can be so invisible. Nothing is missing, nothing is taken... but users private data is lost. So if an organization is doing something terribly naive like publishing passwords to userdata in plaintext... it's disgusting for our society to punish the wrong people, the people pointing out the flaws rather than the ones who cause them. All the really malicious entities came and went and will never be caught.
They put private information into a JSON file accessible by an HTTPS GET, the only password being one that they put in plaintext onto everyone's phones.
My analogy: They put the private information onto a billboard, but you can only see the billboard from a particular vantage point in a public park.