|
|
|
|
|
|
by thaumasiotes
893 days ago
|
|
|
> This isn’t owning fast food chains; rather compromising some AI startup that has some of them as a customer. By this argument, getting access by phishing a company employee also wouldn't count as an attack on the company. |
|
|
These companies are responsible for their employees behavior and data but they are not responsible for nor legally liable for (in most cases, some exceptions apply) the actions of a third party that they have retained to help with hiring.
In fact the contract they have with said third party likely absolves them of any liability.
The title should be: I owned an AI startup via Firebase misconfiguration.
You can even name the startup if you want. That’s not flashy though and this person wants marketing.