Again, it's not the same as people dying in a plane crash, but it's not in the, "The car I ordered wasn't the same shade of blue I thought I was getting" category either.
As software engineers (if you are one), we at some point have obligations to our end users that top the obligations to the people who pay for our work. And if I worked for Boeing, it's not my personal obligation to safety that keeps that plane safe, it's Boeing's obligation, and their interest in a culture that manifests a mindset in developers of "There's a lot riding on your decisions."
We are eventually going to come around to the fact that business models which require keeping sensitive user data are highly risky — just like businesses that handle toxic chemicals.
Just like businesses who use and discard into the environment toxic chemicals that there are no regulations covering.
questions i've been asking myself lately:
- how embarrassing or worse would an HN data breach (plug in favorite $social_network) be to me when logs are exposed that link my activity in a way that can trivially deanonymize me? how much does this reduce the value of consuming the service in the first place?
- how embarrassing or worse would a data breach at Uber/Lyft/other ride sharing be for me? consider exposure of geolocation + timestamps. how much does this reduce the value of consuming the service in the first place?
- repeat for things like online dating or whatever else
these additional questions have helped me put risk vs. reward into perspective when consuming services, no matter where they live or how useful they seem prima facie.
Something as informal as friends watching some sport often has lucky items or rituals that show up over time. The degree to which this is simply an in-joke can change over time, especially when groups grow.
What do you mean by this?
Seems to be the same or at least very similar idea.
Your comments: https://news.ycombinator.com/threads?id=USERNAME
In API form: https://hacker-news.firebaseio.com/v0/user/USERNAME.json?pri...
Everything you do here is rather public...
Exactly, we need to be very serious about the security of the thousands of users at risk here and it's ironic how they list themselves in this security fault. This to me looks like clownish behavior here.
But come on! You have to give them credit for informing you about all the other security breaches out there and now including themselves. But hey, karma's a bitch isn't it? :)
They've explicitly claimed the “glitch” which exposed customer personal data to other customers was not a breach, so it's pretty clear they will not.
It seems this was happening for a long time, but Credit Karma did not notice until their social media team came in at 9am PDT.
We need to make some big changes and I am not looking forward to living in the inevitable future where they haven't been made.
Had a terrible experience with them when they started their tax service (first year of it). I let them know they had the wrong format for Hawaii tax IDs and they told me I was wrong and to go somewhere else because I didn’t know what I was doing.
Turns out they had their shit wrong. Glad it happened so I realized how trash their company was. Thankfully I was able to make them delete my account.
Caches are built and served to the wrong person so everyone who saw someone else's profile can probably be sure theirs was shown to someone else.
Yet you could simply refresh the page as any logged in user and see a new random account. This is a data breach. You could build a scraper in ten minutes.
Is this true? Why? Where can I go to get a more accurate credit rating?
Some esoteric lenders might use VantageScore and, for the most part, if you have a good VantageScore 3.0 you'll most likely have good FICO scores.
> Due to our recordkeeping and information retention requirements, we do not delete information about you upon deactivation. We will, however, disable your account and stop sending you further communications. Furthermore, except to the extent necessary for legal or regulatory recordkeeping purposes, we anonymize the data in your Member Profile two years after you deactivate your account. It may take a little more time for our automated backup systems to fully process the anonymized account, though.
I noticed that refreshing would give me other results and got less worried about identity theft... and more worried about what was happening at CK.
They've got a lot more explaining to do.
"Your data is exposed"
Edit: Thanks for the edit!
> “What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” the statement said.
Imagine the phrase "Fuck Your Engineering Bullshit" was used instead - I'm pretty sure there'd be a lynching.
Telling other people they are wrong is classic engineer bullshit.
So maybe she is an engineer... since she said there was no data breach.
Edit: Ok, they may not be owned by Equifax, but they are 10+ years old with 700 employees and over $500 million in revenue in 2016. I don't know what definition of 'startup' you use, but that doesn't meet my definition.
Is there any way to force a US company to scrub your data, including from logs and backups?
I haven't read it in detail, but they may cover your first sentence.