|
|
|
|
|
|
by Narkov
773 days ago
|
|
|
> This isn’t really a data breach, This is totally a data breach. Show another customers data to a random person = data breach. People had access to valid boarding passes for flights they had no right to board. > it’s a bug in the app. Generally, bugs are responsible for most data breaches. > And it didn’t “allow people to access strangers details” it showed each person the wrong details after they logged in. You are downplaying the incident here. "Strangers" definitely did "access" other peoples' information. Just because it wasn't malicious doesn't mean data hasn't been breached. |
|
|
Yep you're right, legal definition of a data breach includes "someone’s personal information is sent to the wrong person."
https://www.oaic.gov.au/privacy/your-privacy-rights/data-bre...
> Generally, bugs are responsible for most data breaches.
Sometimes. I don't think you could call all security vulnerabilities bugs. In this case, it was a bug that showed people the wrong flight details.
> You are downplaying the incident here. "Strangers" definitely did "access" other peoples' information. Just because it wasn't malicious doesn't mean data hasn't been breached.
Well I'm downplaying from the over sensationalised (in my opinion) language in the article. Strangers saw the wrong person's flight details so access was given to that information, but the way it's worded makes it sound as though a stranger was able to pick a person and view their information, or download a bunch of information and view it.
To me, seeing one other person's flight details when you login is far less dramatic. Like the headline here could refer to a vulnerability in their system which enabled me to, say, vary a query parameter or change the email in settings to any email and then see that person's flight details.
The case is more like accidentally sending a text message to someone with the wrong flight details and allowing them to reply Y or N to confirm the flight.
If the headline said "Bug in Qantas app shows people the wrong flight details" (which I think is a much more accurate description of what happened) we probably wouldn't be having this discussion and 7news would have missed out on about 100k hits (although to be fair the HN crowd is probably pretty skewed towards using ad blockers ... )