top | item 41607599

(no title)

It is very strange to me that their attitude is "no one was impacted" and this is "hypothetical". Any serious company would immediately consider this to be a case where everyone was impacted! This is like coming home to the worst neighborhood on the planet to find your door wide open, and immediately putting on a blindfold so you can continue to pretend nothing's changed.

discuss

DecoySalamander|1 year ago

Since everything is stored in their DB, they supposedly can audit logs and sources for boosts themselves to confirm if anyone was actually impacted.

voiceblue|1 year ago

Can you explain? How are they able to check whether someone did a quick “in and out” keylogger or cookie extraction? I doubt they can, because I doubt they store every request (that would go against what they claim for privacy) and I also doubt their DB backup happens on such a high frequency that they could catch this (e.g. minute-to-minute).

So…how? Are you claiming they have oodles of logs and a perfect dork* to find suspicious JavaScript? If they had the latter wouldn’t they already be using it for security?

If you have some method that works do tell.

* https://www.alibabacloud.com/blog/what-is-dork_600025