
Shaming Slack is one point. This guy just exposed the confidential information of who knows how many of Slack's customers. In my opinion that's douchery of epic proportions.



Maybe this kind of exposure is the only way we will teach people to stop trusting fly-by-night cloud startups with their confidential data?


This. That was exactly the kind of vulnerability that is meant to be publicly disclosed. Nothing of consequence will happen to anyone because of that vulnerability, but people might remember it and next time they'll think twice about how they handle authentication.


How about responsibly disclosing to the victims/users before going public?


I don't see how that would be possible unless Slack has a full list of their customers available somewhere.

Note that elsewhere in this thread you can see that it was reported to Slack, but they responded saying it wasn't a bug.


So hurting people in order to teach them a lesson about not getting hurt?


This was about the most minor kind of information leak you could imagine. I doubt anybody is going to feel any real 'hurt' from this.

In this case the information seems unlikely to contain anything sensitive pertaining to customers. If it had though then the companies that had negligently put sensitive information on untrusted servers would be held liable and could face significant fines (violating the Data Protection Act 1998 in the UK can lead to fines of up to £500,000 and similar legislation exists in other parts of the EU). That more serious kind of breach is the one we are trying to avoid by advising companies not to use cloud services.


The lesson can be had independently of the intent of douchery. Shit happens, and learning from your mistakes (by admitting them) is a fine way to get better at what you do.



