Hacker News
by wslack 1575 days ago
It's still a breach if an org misconfigures an API, allowing more records to be available than was intended.
1 comments

Mens rea is honestly a mistake.

I don't care what the org "intended" to do. The org assumed the responsibility of providing an API and with it the responsibility of securing private data. They failed and should be held culpable.

Boeing doesn't call it a "cyberattack" when their altitude control systems fail because of poor design.