Ocean Protocol: This is what writing in lawyered-corporateeze gets you I guess:
'Ocean Protocol is an ecosystem for sharing data and associated services. It provides a tokenized service layer that EXPOSES DATA...'
https://oceanprotocol.com/
The list of organisations notifying customers that they're affected by the Typeform data breach continues to grow – and at least one victim has publicly claimed the breached backup data was unencrypted. Australian bakery chain Bakers Delight, “beyond banking” outfit Revolut, the Australian Republican Movement, data platform …
https://blog.oceanprotocol.com/typeform-data-breach-faqs-11008736aaa9
Seems that a massive amount of confidential data was gained
" Information that the hackers downloaded includes email, birthdate, place of birth, ID number, nationality, wallet address, and for our US participants, SSN."
but they are "sorry" so I guess that makes it ok then........
You'd better not just consider it !
I hope that there will be a massive move against this, to send a strong sign that we the public no longer tolerate this kind of gratuitious data-hoovering, but I doubt it. Tomorrow will likely be business as usual, right Talk Talk ?
In Ocean Protocol's case, the attacker obtained “email, birthdate, place of birth, ID number, nationality, wallet address, scans of identity documents, proof of residence, proof of accreditation and for our US participants, SSN”.
Why the f***k were Typeform holding this - let alone in an unencrypted form? Heads need to roll (they won't of course) with jail time and Typeform need to be driven out of business by their unhappy customers.
Looking at a comparison of survey software, it seems the only one which gets it is the one from Germany - on premises. All the rest are ripe for the picking.
It will all be forgotten after the latest breaches are released tomorrow by another company. No fines but a sternly worded note and possibly (but not likely) a slap on wrist with a very fluffy sponge (dry not wet). It's' a pity (almost*) that there's not some hungry lawyers around for class action suits. But that too won't happen.
*Almost a pity because if it happens, well, lawyers.
PaaS and SaaS cloud environmental risk.
Too many professionals don't understand the increased risk, and don't have the experience to know where the data is and how well it's protected.
---then they find out (TOO LATE), the cloud provider has no responsibility or risk acceptance; it's all on them.
I use childcare from korukids.co.uk, and great to find out they stored data with these <insert expletive>s. "Amongst the data which has been stolen:
- Your name and email
- Your home address
- Your date of birth
- Your National Insurance number
- Your children's name and date of birth
- The name of your children's school
- The name and phone number of your children's emergency contact(s), and their relationship to your children"