I see your point and I might agree with you (didn't make up my mind yet), but how is this different than disclosing someone else's vulnerability with a "hardcoded" date? In some cases, getting from disclosure to a working exploit is trivial.
If this data was so easy to get, any state actor probably had it for years now. Also powerful criminal organisations.
Wasn't the harm potentially done already and this might trigger a change? Maybe now all those banks will not accept whatever data is in this leak as a way to authenticate a customer. In that scenario we would be in a better situation because of the leak.
If this data was so easy to get, any state actor probably had it for years now. Also powerful criminal organisations.
Wasn't the harm potentially done already and this might trigger a change? Maybe now all those banks will not accept whatever data is in this leak as a way to authenticate a customer. In that scenario we would be in a better situation because of the leak.