• MrCookieRespect@reddthat.com
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    9 months ago

    But its not a breach, its accounts being compromised. Yes you can’t trust them but its their own fault still. And you can’t make it too hard to get the data because otherwise your idiot of a user cant access it either.

    They should definitely force 2FA however.

    • tiramichu@lemm.ee
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      9 months ago

      IBM defines “Data Breach” as:

      any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) or corporate data (customer data records, intellectual property, financial information).

      Despite the fact the attackers used real passwords to log in they are still an ‘unauthorized party’ because they are not the intended party.

      It’s also legally the case that using a password to access data you know you are not supposed to access still counts as ‘hacking’

      • MrCookieRespect@reddthat.com
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        9 months ago

        Well, the authorisation is the password, so from their side it was in fact not a breach because they just got a normal login with the correct authorisation(password).

        • woodytrombone@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          9 months ago

          The front door unlocked because the burglar found a copy of the key outside.

          This wasn’t a burglary, though. His key was legitimate.