[Alain-lf]

Nobody is asking for perfect security.

We just expect a company that stores the highly personal information of hundreds of millions of people to have better security than that of a random blog site maintained by one guy in his basement.

[sillysaurus3]

Well, you are asking for perfect security. Everyone here is. That's what it means not to ever be breached. I think that's the uncomfortable truth we've obscured. We are asking for the impossible.

If you don't feel that way, I propose asking some of your pentester friends how they feel about the breach. Somewhere between unsurprised and shrug, probably.

It doesn't change a thing that this situation demands higher security. We're fighting against forces of nature. Except instead of extinguishing forest fires, we're asking for the equivalent of no forest fires, ever, and arguing vehemently that modern technology is so good that forest fires should not have been allowed to happen.

[sasas]

Here they left the door wide open. Google does not leave the door wide open. Google does not have perfect security. But we expect them to make the cost to an attacker high enough that it requires massive investment for a successful breach. Why should we expect less for a company that keeps 140+ million customer records?

[Alain-lf]

> Well, you are asking for perfect security.

No need to read the rest of your comment. I'm not biting.