←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
561 points bearsyankees | 2 comments | 12 May 25 16:39 UTC | HN request time: 0.404s | source
Show context
camcil ◴[12 May 25 17:14 UTC] No.43965309[source]
In a data conscious world, the complete and utter disregard for PII and lack of competency in design and implementation would result in catastrophic business failure.

They may have "patched" the ability to exploit it in this way, but the plaintext data is still there in that same fragile architecture and still being handled by the same org that made all of these same fundamental mistakes in the first place. Yikes.

replies(1): >>43966157 #
hiatus ◴[12 May 25 18:33 UTC] No.43966157[source]
> In a data conscious world, the complete and utter disregard for PII and lack of competency in design and implementation would result in catastrophic business failure.

As you are probably well aware, we do not live in that world. Companies like Equifax can suffer breaches exposing the personal information of millions and stock still goes up.

replies(3): >>43966215 #>>43966219 #>>43966353 #
baxtr ◴[12 May 25 18:39 UTC] No.43966215[source]
PII data breaches, especially PHI data can lead to high financial losses, mostly in the US through litigation. Fines in the EU are low in comparison.

Companies don’t like to talk about this, and they bury these costs deep down in their financial statements. But trust me, they’re quite substantial.

replies(1): >>43966498 #
1. senderista ◴[12 May 25 19:08 UTC] No.43966498[source]
If that's true, then stock prices should reflect that. But that's not what we see after major PII breaches at publicly traded companies.
replies(1): >>43966666 #
2. baxtr ◴[12 May 25 19:27 UTC] No.43966666[source]
So you have seen the failure of Apple’s car project in their stock price?