> While PII data was potentially accessible, based on our current findings, we see no evidence that such data has been exploited.
How is this possible, when the journalist accessed the data to confirm it contained PII?
Each day I am more and more interpreting "we see no evidence" as "we didn't really look." That way their statement can be technically correct, without divulging any evidence that might be used against them when users sue for damages.
It's even a more blatant lie because 404media found the credentials in a Telegram group. So, yeah, there's no way this wasn't exploited by multiple people.
that statement really bothered me. they can of course say that they don't see any evidence of exploitation, but this kind of personal data is valuable to bad actors because they can take it from au10tix and then use it to exploit other services or the individuals directly. au10tix would never know about that exploitation.
How is this possible, when the journalist accessed the data to confirm it contained PII?
Each day I am more and more interpreting "we see no evidence" as "we didn't really look." That way their statement can be technically correct, without divulging any evidence that might be used against them when users sue for damages.