by jcranmer 2911 days ago
According to the Ars Technica article on this, this is actually quite likely--the UI for these systems is apparently typically sufficiently bad that you have to copy a numeric ID, and you won't get feedback as to what the numeric ID actually referred to.

Ars quote in question:

> The processes used by organizations like Sony to publish videos to platforms both owned and otherwise could present opportunities for error. (I know this because I used to work for a major broadcast TV network.) It could have been as simple as a young, entry-level digital producer accidentally copying and pasting the wrong video ID number from the company's internal repository of video files into a proprietary publishing tool that bulk-publishes several videos in a daily push via the YouTube Data API and the equivalents on other platforms.

I don't buy this explanation because the setup would be hilariously insecure. It would be like having a company-wide file share that anyone can access, and placing all your trade secrets on it. It might make sense for broadcast TV networks, considering all their content is distributed for free anyways.

This is the same Sony that was famously hacked in 2014:

https://en.m.wikipedia.org/wiki/Sony_Pictures_hack

From the Wikipedia page:

“The hackers involved claim to have taken more than 100 terabytes of data from Sony”

“The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information.”

The YouTube mistake sounds to me like a publicity stunt, but “hilariously insecure” isn’t necessarily an incorrect assessment of Sony’s infrastructure.

> It would be like having a company-wide file share that anyone can access

"Enterprise document/data management" usually means something along those lines, yes.

> I don't buy this explanation because the setup would be hilariously insecure.

I work in the industry; I 100% buy this explanation. Security is not great on all sides; confusing UIs and opaque IDs pasted into web systems (or Excel spreadsheets) with little/no feedback (or excessive feedback that then gets ignored) are standard.

Also, even when media isn't directly available to a user, they may well still have the ability to send a particular file by house number through a pre-approved workflow (e.g. publish to YouTube).