- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
I hate this use of the word “inadvertently”. It’s meant to describe a situation where someone who has caused harm could not have reasonably known the consequence of his actions. For example, parents who fed their children tainted apple sauce inadvertently poisoned their children. In theory they could have done their own chemical analysis, but it’s not reasonable to personally test all food for lead.
This password was not published “inadvertently”. The company could have and should have avoided doing so. The right word is “carelessly”. They deserve blame.
(If you want to avoid making the company angry at you then at least say “accidentally” and leave the question of blame unanswered.)