Leaking is only part of the problem. The main issue is that this information lets you authenticate with anything at all or as a starting point for social engineering.
For example, you could build your own database of millions of records of name/phone/addr just looking up WHOIS info on every domain name you come across.
And I'm reminded of how you can get into someone's Amazon account by feeding WHOIS information to their customer support, even if the address is bogus but is in the same city that Amazon has on file. https://medium.com/@espringe/amazon-s-customer-service-backd...
HN takes out its pitch forks for every leak, but the outrage is often misdirected.
For example, why do we have this idiotic system where you can make purchases on my credit card with the same credentials I hand out multiple times a day, even for a $5 hotdog, and as a result I need to remain eternally vigilant to find fraud on my monthly statements? Why can you get into my Amazon account if you know a single address that approximates one of the addresses I've ever shipped product to?
Leaking is inevitable. The problem is that our system and thus our expectations are built as if it's not.
For example, you could build your own database of millions of records of name/phone/addr just looking up WHOIS info on every domain name you come across.
And I'm reminded of how you can get into someone's Amazon account by feeding WHOIS information to their customer support, even if the address is bogus but is in the same city that Amazon has on file. https://medium.com/@espringe/amazon-s-customer-service-backd...
HN takes out its pitch forks for every leak, but the outrage is often misdirected.
For example, why do we have this idiotic system where you can make purchases on my credit card with the same credentials I hand out multiple times a day, even for a $5 hotdog, and as a result I need to remain eternally vigilant to find fraud on my monthly statements? Why can you get into my Amazon account if you know a single address that approximates one of the addresses I've ever shipped product to?
Leaking is inevitable. The problem is that our system and thus our expectations are built as if it's not.