←back to thread

Redbox left PII on decommissioned machines

(digipres.club)
294 points NotPractical | 6 comments | 16 Oct 24 00:15 UTC | HN request time: 1.077s | source | bottom
Show context
dylan604 ◴[16 Oct 24 02:26 UTC] No.41855041[source]
Take this as a lesson. If you've been a dev long enough, you've worked on a project knowing that how the project is being done isn't the best method with every intention of going back to make it better later, but not at the expense of getting the MVP up and running. You'll also have seen that never actually happening and all of those bad decisions from the beginning still living all the way to the bitter end.

I'm guessing not one person involved would have ever imagined their code being left on a machine just left out in the open exposed to the public completely abandoned by the company.

replies(4): >>41855099 #>>41855913 #>>41856088 #>>41856846 #
flomo ◴[16 Oct 24 06:12 UTC] No.41856088[source]
They might have had the most perfectly developed decommissioning process. And nobody is going to care when their paychecks stop showing up, and everything suddenly gets trucked-off into receivership.

Given the era and constraints, I don't see how it was irresponsible or 'sloppy' to have a local database on these things. This most likely is not on development.

replies(4): >>41856311 #>>41858208 #>>41859859 #>>41861159 #
1. dylan604 ◴[16 Oct 24 15:00 UTC] No.41859859[source]
> and everything suddenly gets trucked-off into receivership.

That's the problem. These things aren't getting collected and trucked off. They are just left rotting in their installed locations. I'm pretty confident that you could just show up to any of these with a tool box to just start opening one up to take out whatever you wanted from the insides, and not one person would question you. They already said they don't care if you never returned any discs you had in your possession, so nobody would care if you emptied their inventory of discs within. And until now, I'd wager not one person inside the company ever thought they might be vulnerable to a PII attack like this either.

replies(1): >>41860930 #
2. Kon-Peki ◴[16 Oct 24 16:20 UTC] No.41860930[source]
The host locations are pissed off that the machines are sitting there taking up space and using electricity. They certainly aren't going to be happy with someone opening it up and making a mess. Or potentially creating some sort of additional liability for them.

But if you show up with a van or a large truck, they'd probably pay you money to take the whole thing off their hands. And you can tear it apart in your own garage.

replies(2): >>41861853 #>>41864926 #
3. adolph ◴[16 Oct 24 18:00 UTC] No.41861853[source]
Theres probably lots of great robot disc handler stuff in those boxes.
replies(1): >>41862347 #
4. Kon-Peki ◴[16 Oct 24 18:43 UTC] No.41862347{3}[source]
There was an article in some source (sorry, I forget which) that interviewed a person somewhere in the Southeast US that has been paid to remove a dozen or two of them. It had some photos of the inside of the machine. You should look for it!
replies(1): >>41863153 #
5. pnw ◴[16 Oct 24 19:55 UTC] No.41863153{4}[source]
There's a Discord where people are sharing ideas on sourcing and modifying the kiosks. https://discord.gg/ZNXy722W5t
6. dylan604 ◴[16 Oct 24 23:26 UTC] No.41864926[source]
> taking up space and using electricity.

how hard would it be to unplug the units? if these things are on a shared electrical circuit with anything else in the store, then that's on them. If they are separated, then just flip the breaker. otherwise, there's going to be j-box some where near the thing connected to some conduit. ten gets you twenty that there's some wire nuts in that j-box that could be disconnected in less than a minute.

also, just show up with a clipboard, and if anyone asks you, just say you were hired to collect certain items from within but not remove the entire thing. just print up a fake work order. i don't think i'm thinking too far outside the box on this one.