I agree that data security is important, even if it is only email addresses, where many are probably findable in the web anyway. Maybe, the link with the username has some value, but I’d bet only little.
In my opinion, harsh penalties are more needed in privacy invasive (in my opinion malware) like google, meta, Amazon etc. are spreading.
The problem is that this data can be combined with other data. An email address by itself isn’t particularly important but when it’s matched up with names, physical addresses, DoB, SSN, other PII and the network of other services with matching data it becomes very serious.
It’s never just this breach, it’s every other breach as well. Every breach makes every preceeding breach more effective and more valuable.
Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.
never use the same username and password in two or more places
always use MFA, a hard token if you can like a yubikey
Obligatory: companies should face harsh penalties for this stuff.
I agree that data security is important, even if it is only email addresses, where many are probably findable in the web anyway. Maybe, the link with the username has some value, but I’d bet only little. In my opinion, harsh penalties are more needed in privacy invasive (in my opinion malware) like google, meta, Amazon etc. are spreading.
The problem is that this data can be combined with other data. An email address by itself isn’t particularly important but when it’s matched up with names, physical addresses, DoB, SSN, other PII and the network of other services with matching data it becomes very serious.
It’s never just this breach, it’s every other breach as well. Every breach makes every preceeding breach more effective and more valuable.
Of course, but where are names, physical addresses, DoB, SSN, etc in this dataset? It’s just mail and username
Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.
Do you own a Yubikey?
Have you ever succeeded in getting it to work with anything??
It didn’t work with gmail, or any other online account I had.
An absolute waste of $$.