Hacker News new | past | comments | ask | show | jobs | submit login

I wasn't commenting in any way on the legalities. IANAL and, frankly, I just don't think it's germane to my point.

Netsential clearly had a massive security vulnerability in their system that allowed one user to access the data of all other users. That's very much on them.

Consider a company that provides physical storage units and advertises that they are secure and can only be accessed by their owner. Then it turns out that there was a back alleyway running behind all the units that allowed any owner who had access to one unit the ability to access any other unit, without a key. I don't think anyone would suggest that would be anything other than a massive security oversight by the storage company. Yes, what the thief did was illegal and should be dealt with. But you'd have a hard time convincing me that the company itself wasn't primarily at fault for such a huge oversight in the first place. And I certainly would never use them again.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact