Conversation
buherator
buherator
I'm probably in the Ticketmaster leak, and as a security person my concern about this is approaching 0.
Have I lost my senses, or are these breaches generally a bit overblown (esp. in our circles)?
Have I lost my senses, or are these breaches generally a bit overblown (esp. in our circles)?
2
0
6
@centaury Are they? I get password stuffing is a problem, but it's been a problem of current scale for at least a decade and many services require mfa, monitor compromised creds, monitor sus activity etc. I even got my debit card skimmed once, and lost exactly 0 money.
I'd be on a different opinion if we talked e.g. medical data, but many breached services just don't hold data that is much valuable to anyone.
I'd be on a different opinion if we talked e.g. medical data, but many breached services just don't hold data that is much valuable to anyone.
1
0
1
@centaury I'm not talking about defective controls, but working ones, that are in place exactly because users behave as you described. Incidentally such controls are usually found at places that matter (bank, pwstore, etc).
Will such controls protect all users every time? No. But my impressions (which may be wrong, but I don't have any data) is that the impact of data breaches (esp. ones that involve ~only credentials) is diminishing.
Will such controls protect all users every time? No. But my impressions (which may be wrong, but I don't have any data) is that the impact of data breaches (esp. ones that involve ~only credentials) is diminishing.
1
0
1