jerlam 5 days ago

In the past, every company thought they were the next Facebook and needed to build complex super-scalable architecture because tomorrow a million users would appear out of nowhere and try to log in at the same time. Now everyone thinks they are the next Experian and tomorrow a million hackers are going to attack and steal everyone's private info.
DaiPlusPlus 5 days ago | parent

> Now everyone thinks they are the next Experian and tomorrow a million hackers are going to attack and steal everyone's private info.

But this is demonstrably the case today... I don't think I've gone a week without hearing about some major data-breach.

...my own org got h4x0red a few months ago: our CEO didn't have 2FA enabled on his God-tier global-admin-rights OIDC/SSO login and somehow, someone found our internal login page, had a snoop around, found our Twilio account keys and sold them off to some spammer who then sent spam texts to our customers (fortunately our (immutable) access logs showed there was no further intrusion, but it was still an incredibly unsettling experience considering how uninteresting and un-sexy my SaaS day-job is).

...so if it can happen to me, a random fellow HN troglodyte, then it can happen to you; or the hospital down the street from my old office[1].

In conclusion: we're doomed.

[1] https://therecord.media/seattle-fred-hutch-cancer-center-ran...
throw10920 5 days ago | parent

...and, of course, all of these companies are just as bad at security as they are at scaling - they don't even have the capacity to understand (organizationally - I'm not anthropomorphizing them) that Experian happened because their servers were breached, not because users' accounts got stolen. It's pathetic. There should be regulation that prevents overly onerous "security" controls on users' accounts.