←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
560 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0.2s | source
Show context
9283409232 ◴[12 May 25 17:16 UTC] No.43965328[source]
There's no penalty for failing at privacy and security so companies would rather play the odds that they will be fine than invest in proper practices. Alex says Cerca is being misleading when it comes to encryption but it seems to me they are outright lying and will likely face no consequences for it. In a more just world, this would trigger so many regulatory and compliance audits.
replies(3): >>43965421 #>>43965598 #>>43965867 #
1. mooreds ◴[12 May 25 17:26 UTC] No.43965421[source]
> There's no penalty for failing at privacy and security

I wouldn't say there's no penalty (they might have to pay for a year of identity theft protection or a fine).

I agree that the consequences are not in line with the damage to the public or customer base.