by glckr 2156 days ago
No other bad actors can get it, but we don't know if it's already been found, and now that it's gone we have no idea what data is out in the wild. And as you note, we can't trust the companies to accurately report it themselves.
5 comments

I think you make an important point though - deleted or not, there is no real way to know what's been exposed, and no guarantee that they'll ever admit it; so torch all the data expeditiously, and we'll just have to comb through 'successful' leaks just as always.

Another side is that with their database blanked, that will force more companies to explain their downtime or complete loss of data, rather than quietly secure it again and pretend nothing happened.

Maybe this actor A downloaded the data, then deleted the database, preventing others from accessing and selling the same data? Only A can sell this data now?
So, no difference other than the company now has to explain that their database was insecure. Got it.
Maybe the authors of meow should "improve" it with a feature that reports every instance to HIBP before deleting it. That is, if their intention with this malware was a benevolent one :) But I guess feature iteration in malware that is "supposed to be good" would be tricky.
> reports every instance to HIBP

No, that doesn't make sense if it's only meow who found it. And since there is no way to know that, it does not make sense to mail a copy to HIBP.

Oh, they'll have to say something when they suddenly stop doing business until a backup can get pulled, and the new db instances actually secured before putting them up again.

Even a bland 'We lost parts of our data and we will have to start recovery processes. Please stand by' is a signal.

Ideally they'd report it so that password managers could warn everyone, but with just the database URI there isn't necessarily any obvious way to know what domain or business it's associated with.
Doesn't really matter; as long as the credential is exposed, users can be warned. No matter where it came from.
If the attacker can write to the DB, then they can add entries to every table with the string "Hey your database is unsecured!"