Comment

Comment on The Discord Breach Might Be Worse Than We Thought, As The Hacker Is Said To Have Two Million Age Verification Photos

plz1@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don’t even care which of the two companies is ultimately responsible, because they are both responsible.

Zendesk for their bad OpSec
Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.

I work in IT, and treat PII like it’s dangerously radioactive, because in the digital world, it really is.

source

Sort:hotnew top

TomArrr@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
“Apparently” only those who were challenging the verification results and uploaded awaiting reverification are affected.

Not that that isn’t bad enough

source
- Kissaki@feddit.org ⁨3⁩ ⁨weeks⁩ ago
  That’s even worse, in my eyes. Maybe not in scale, but when appeal process is more vulnerable, that seems very questionable.
  
  source
  - TomArrr@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Yea, pretty sure most of the evidence is no longer ther
    
    source
prole@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
That’s because you have ethics

source
luciferofastora@feddit.org ⁨3⁩ ⁨weeks⁩ ago
Me when I get a request for PII pertaining to a suspected corruption case: Have one of our corporate lawyers give me a written and explicit statement of what data I’m supposed to send to whom or get bent. I’m not touching that with a ten foot pole and gloves unless I have a legally solid affirmation that what I’m doing won’t come back to bite me, and that our workers’ council knows about it and will back me up.

I’m reluctant to even confirm that I can get that information in the first place. I mean, I’m the one with full access to the audit tool, so I probably do, but I’d have to access that data in the first place to check. I don’t think that anyone would notice or care so long as I don’t share that information, but as you said: dangerously radioactive; don’t touch if I can help it.

source
Zen_Shinobi@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Right. It blows me away the required training we have to do for physical files more secured than Fort Knox! Tech world? Eh just throw it in the recycle bin

source
aidan@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
I agree completely its moronic, but I do imagine the law requires it

source