  • Full names
  • Addresses
  • Post codes
  • Dates of birth
  • National IDs
  • Phone numbers
  • Genders
  • Email addresses
  • Telco metadata
  • Breach status and social profile annotations

Good luck everyone.

  • FreedomAdvocate
    1 day ago

    Great analogy, but not for the point you’re trying to make.

    If your house plumbing is leaking there is water going out where it shouldn’t be. You’re saying it’s a leak just because there’s a tap out near the footpath that could be turned on by someone to use your water, even if not a single drop of water has ever come out of it.

    With an unsecured server the data isn’t going where it shouldn’t be unless someone takes it. Without evidence of someone taking it, nothing was leaked.

    • sys110x@aussie.zone
      1 day ago

      “If your house plumbing is leaking there is water going out where it shouldn’t be.”

      Yes. Correct. Personally Identifiable Information openly exposed on the internet is information going out where it shouldn’t be.

      If your house is leaking, whether there’s someone out there with a cup doesn’t change whether your house is leaking or not. It only changes whether someone took your water, i.e. a breach.

      Data leak and data breach have specific definitions:

      Data Leak vs Data Breach: What Is the Difference?

      While many use the terms “data leak” and “data breach” interchangeably, there is a difference between the two. A data leak often comes from within the organization either by accident or intent, while a data breach occurs when confidential or otherwise protected information is accessed, stolen, or used by outsiders without authorization.

      https://www.fortinet.com/resources/cyberglossary/data-leak

      https://www.microsoft.com/en-us/security/business/security-101/what-is-a-data-leak

      https://www.oaic.gov.au/privacy/your-privacy-rights/data-breaches/what-is-a-data-breach

      https://www.ibm.com/think/topics/data-leakage

      https://www.trendmicro.com/en/what-is/data-breach/data-leak.html

      This is a data leak. We don’t know yet if it’s a data breach. We might not know until active exploitation.

      Given the lack of control on this data, and that it wasn’t fixed until the researchers told them about it, do you trust IDMerit to have the scrutiny on their logging to know if it was accessed externally? I don’t.

      • FreedomAdvocate
        1 day ago

        It’s not going out unless someone requests it though. Data from a database on an unsecured server doesn’t just find its way onto the Internet or hackers’ computers - they need to take it.

        This is why I said it’s misleading. There’s no evidence of anything being taken. It was there for the taking, but if it wasn’t taken then no one’s details were compromised.