Hacker News new | past | comments | ask | show | jobs | submit login

I don't find your example very convincing. Any database storing personal data needs to be properly secured, and if that gym also has ID credit card or other more sensitive data, that data might better be destroyed than stolen.

If it's a publicly accessible wiki with no sensitive data whatsoever, and that's meant to be publicly accessible, then there's a reasonable excuse for the poor security and it's not helping anyone to destroy it.




There is no indication in this article that all of the databases had personal data.


Why should innocent users be punished? Why not just send a pic confirming you have full db access? This is just unnecessary vandalism.


The point is that, if my credit card info is staying in a web-exposed, insecure DB, it is safer for me that it be destroyed than left alone.

I have no idea of that is the intention of the attackers, or if they are maybe even stealing the info before deleting it. But assuming they were good Samaritans and just deleting it, that is the best outcome for me as a user, better than if it stayed up for another day.


Because often that doesn’t actually elicit change. Deleting the data over and over does.


Somehow that would be worse. Feels like a ransom call.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: