Hacker News new | past | comments | ask | show | jobs | submit login

I think that if someone boasts that they've cracked everyones password, reporting them is the right thing to do.

Perhaps the discretionary thing to do in the case where the perpetrator is relatively whitehat is to mention to IT that "it appears common knowledge that all admin passwords are compromised" without exposing their identity.

High school kids or uni students being discretionary?

What an interesting alternate reality that would be.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact