So I got a notice from Ticketmaster that my identity was accessed by an intruder and my name, contact info and /encrypted/ payment info was compromised. These notices are more and more common. Why aren’t companies accountable for damages when they fail to protect all the myriad data they collect on people without consent? I never asked them to store these things…

  • ImplyingImplications@lemmy.ca
    link
    fedilink
    arrow-up
    18
    ·
    6 days ago

    Either that, or every company has woefully underpaid/incompetent IT people

    It’s this one. Cox Communications, one of the largest telecommunications companies in the US with $11 billion in revenue, recently patched a bug on their self-serve portal that allowed anyone to access any customer’s profile. The bug was that server requests weren’t being authenticated. If you entered the right info into the URL bar you’d be given a page with anyone’s customer info. No login needed.