top | item 47100052

(no title)

They almost certainly did not. They likely just hired a cheap contractor to get their service up, and went with it when "it worked".

The contractor (who was certainly incompetent) probably looked at a bunch of nightmarishly complex identity API's and said "F** it!", combine that with being grossly underpaid and you get stuff like this.

It's a bad situation, of course, and involving threatening lawyers makes it even more ugly. But I can understand how a very small business (knowing nothing about IT other that what their incompetent contractor told them) might get really offended and scared shitless by some rando giving them a 30-day deadline, reporting them to authorities, and demanding that they contact all affected customers.

discuss

master-lincoln|8 days ago

Sure they might get rightfully scared because their neglect caused potential issues for their customers and having that public might decrease revenue.

But that is ok I think. They should get scared enough to not risk such a neglect again