top | item 25463736

(no title)

dvduval | 5 years ago

I have to wonder how many corporations have been hacked but we will never know, because they are worried about the value of their stock. This could actually be a much greater threat to hobbling our infrastructure or blackmailing wealthy people to do their bidding.

wahern | 5 years ago

Presumably all medium and large corporations have been hacked. I don't think I've ever worked at an organization that hasn't been hacked. And all but one were hacked multiple times, though I'm sure that's because I just wasn't privy to the other incidents (the company may not have been, either). For criminal organizations it's just a numbers game--penetrate as many organizations as you can and then look for monetization opportunities. For many nation-states the calculus probably looks much the same, and in any event the techniques are similar.

unclekev | 5 years ago

I worked for a company that had all their customer data stolen and then sold on a darknet marketplace.

They completely swept it under the rug, told the infosec guys that if they talked about the incident with anyone they would have their employment terminated and that it was to never be discussed because they were worried about their share price.

We also have laws here in Australia that say if this happens to a business it is mandatory to disclose the breach to your customers.

> you must notify affected individuals and us when a data breach involving personal information is likely to result in serious harm.

An employee anonymously reported the breach to the government agency that handles this, who in turn contacted the business with a "Please explain. Right now."

The next day after they were contacted they fired every single IT department staff member. Helpdesk, Infosec, Networks... All fired, because they couldn't figure out who reported it.

Nothing ever happened to the business as they somehow convinced the government that the data that was stolen was "made up junk data used for testing" despite it being obviously clear that it was current customer info.

This crap happens all the time and businesses continue to be allowed to get away with hiding breaches from people.

All it does is help the share price and disadvantage the customers.

imtringued | 5 years ago

Open source software has "more" vulnerabilities because more of them get reported. With proprietary software black hats are gathering exploits in a weapons silo ready to be sold on the black market.

For some reason businesses prefer to cover up their vulnerabilities instead of fixing them. When you report a vulnerability as a white hat there is a big risk that the company will use you as a scapegoat and sue you. For a business it is much easier to claim that they "caught a hacker" rather than admit their weakness in public.

HackerOne is basically a "vulnerability blackhole as a service" because researchers are dependent on bounties for their income. Disclosing an ignored vulnerability publicly weeks or months after the HackerOne report can lead to getting banned on HackerOne and thereby ruin your ability to collect bounties.

soupfordummies | 5 years ago

Why not name this company?

slaymaker1907 | 5 years ago

How did that mass firing not trigger the whistleblower laws?

sofixa | 5 years ago

That's why GDPR includes personal liability for DPOs (Data Protection Officers) and chief executives, and requires the company to have a DPO with no conflict of interest (e.g. working under the CEO with bonuses based on stock price).