118
Authy Users' Phone Numbers Compromised via Twilio API Vulnerability
(www.bleepingcomputer.com)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Goddammit, can companies stop leaking our shit everywhere please
Only when it’s profitable to stop.
I'd prefer fuck-you-fines making it impossible to ignore the security that are actually enforced.
And that's why its important to prefer internet services hosted in particular companies. The English legacy of law has been very poor at keeping society safe from corporations because these laws were established when the British Empire was a vast trade corporation with an inbred person as CEO by way of the pope said Jesus wanted that family to be in charge.
What's crazy making is a lot of the places the British destabilized the indigenous people had very advanced methods of ensuring society benefited everyone. Not all of them of course, but enough of them that its hard to see the English legacy of law practice as anything other than fundamentally broken and not worth the amount of spread it was forced to have at gunpoint. Like when I hear about how Iroquois nation justice worked I can't help but feel something truly special was lost by way of colonists wanted to profit off beaver pelts
Especially with such careless failures. If some employee was tricked through a well-planned social engineering attack, or they used some mega obscure day0 vulnerability, I'd not be happy, but shit happens, I guess. But not sending my phone number when someone just posts some GET command to an API should be a no-brainer....