top | item 38934827

(no title)

intern4tional | 2 years ago

This isn’t owning fast food chains; rather compromising some AI startup that has some of them as a customer.

Title is misleading.

discuss

MrBruh|2 years ago

It exposed PII of the managers & employees of ~half of the most popular fast food companies.

Personally I feel the title is justified but I understand and respect your viewpoint.

Also keep in mind that trying to clarify the such would also make the title much longer than I desired.

borissk|2 years ago

Aren't you afraid one of the companies involved may file a complain with FBI or police and get you arrested?

intern4tional|2 years ago

Title: I pwned Chattr.ai via Firebase misconfiguration

That’s what you should call it. It explains to readers what’s going on without over sensationalism.

That isn’t too long either.

refulgentis|2 years ago

[deleted]

thaumasiotes|2 years ago

> This isn’t owning fast food chains; rather compromising some AI startup that has some of them as a customer.

By this argument, getting access by phishing a company employee also wouldn't count as an attack on the company.

intern4tional|2 years ago

No, as company employee is directly tied to and the responsibility of the company.

These companies are responsible for their employees behavior and data but they are not responsible for nor legally liable for (in most cases, some exceptions apply) the actions of a third party that they have retained to help with hiring.

In fact the contract they have with said third party likely absolves them of any liability.

The title should be: I owned an AI startup via Firebase misconfiguration.

You can even name the startup if you want. That’s not flashy though and this person wants marketing.

unknown|2 years ago

[deleted]

mellosouls|2 years ago

TBF your proposed title is less snappy.

intern4tional|2 years ago

Of course, but it that’s good in most cases as then you don’t get an overreaction.

The right people will read it (Chattr.ai’s customers) and respond . Right now everyone looks at it and some CISO will overreact and make everyone go check their Firebase configurations which may likely be a non-value add.

unknown|2 years ago

[deleted]

isatty|2 years ago

I think it’s incomplete. The startup needs to be named and shamed on the title.

giaour|2 years ago

The article is not shy about naming the startup (chattr.ai)

intern4tional|2 years ago

I don’t disagree with this either, I just didn’t think of it when I put my response in.

Naming and shaming does work.