
> you face a heavy fine or arrest

Heavy fine yes but not arrest AFAIK. Anyway this is a script programmed to scare the target.

Do you even store personal data inside that database?



From their Twitter feed: mongodb is just RSS feed data, personal data is in postgres and wasn’t accessible to the script kiddy


And would you take that statement at face value from a company that just left their docker based mongo instance Internet public? It’s safe to assume that your info has already been leaked, but situations like this are why that assumption is safe.
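Added example, not from any commenter in this thread: the "docker based mongo instance Internet public" failure mode above usually comes from a published port such as `-p 27017:27017`, which binds on all host interfaces and is inserted into iptables ahead of host firewall rules like ufw. The check below parses `docker inspect` output and flags every published port whose HostIp is empty, 0.0.0.0 or ::, and every container running in host network mode. The container names and bindings in SAMPLE_INSPECT are constructed for the example; only the fields the check reads are included.

```python
import json

# Constructed sample shaped like `docker inspect <id> [<id> ...]` output (a JSON array).
# Names and bindings are made up; only the fields read below are present.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/newsfeed-mongo",
        "HostConfig": {
            "NetworkMode": "default",
            # Empty HostIp is what `-p 27017:27017` produces: bound on every interface.
            "PortBindings": {"27017/tcp": [{"HostIp": "", "HostPort": "27017"}]},
        },
    },
    {
        "Name": "/app-postgres",
        "HostConfig": {
            "NetworkMode": "default",
            # `-p 127.0.0.1:5432:5432`: reachable from the host only.
            "PortBindings": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]},
        },
    },
    {
        "Name": "/metrics-agent",
        # `--network host` skips port publishing; every listener is on the host directly.
        "HostConfig": {"NetworkMode": "host", "PortBindings": {}},
    },
])

# HostIp values that mean "all interfaces" (IPv4 and IPv6).
WILDCARD_IPS = {"", "0.0.0.0", "::"}


def exposed_bindings(inspect_json):
    """Return a list of (container, container_port, host_ip, host_port) tuples,
    one per published port bound to a wildcard address, plus a marker entry
    for each container in host network mode."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        host_cfg = container.get("HostConfig") or {}
        if host_cfg.get("NetworkMode") == "host":
            findings.append((name, "*", "host-network", "*"))
            continue
        for cport, binds in (host_cfg.get("PortBindings") or {}).items():
            for bind in binds or []:
                host_ip = bind.get("HostIp", "")
                if host_ip in WILDCARD_IPS:
                    # Normalise "" to 0.0.0.0 so reports read consistently.
                    findings.append((name, cport, host_ip or "0.0.0.0", bind.get("HostPort", "")))
    return findings


if __name__ == "__main__":
    for name, cport, host_ip, host_port in exposed_bindings(SAMPLE_INSPECT):
        print(f"EXPOSED {name}: {cport} -> {host_ip}:{host_port}")
```

On a real host, feed it `docker inspect $(docker ps -q)` instead of the sample. The remediation for a hit is to drop the publish flag entirely and let the application reach the database over a user-defined Docker network, or, if host access is needed, bind explicitly to 127.0.0.1; relying on ufw or a similar host firewall is not enough, because Docker's own iptables rules take precedence for published ports.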


I suppose we'll find out if/when the data will be leaked as the hacker claims?


If you give out your personal information to, for example, newsblur- the odds are very, very good that this wasn’t the first time you’ve entrusted a company to protect your privacy, and whether you realize it yet or not- you have already been sorely disappointed.


There's something about this threat that really is awful. The legal extortion angle. We'll turn you over to the regulator if you don't give us money. Aside the fact they can take the money and package you to the regulator anyway, with complete impunity, it seems like the regulation needs to be revised in some way to take this very serious threat out of the hands of people who will abuse it.


This is just another reason why user data should be dealt with very carefully, not a reason to nerf the legislation designed to dissuade people from being careless.


Agree with user and customer data being handled with care, but I do not like seeing criminals using the law to further a criminal enterprise. That is problematic.


> Heavy fine yes but not arrest AFAIK.

Newsblur is an American org. GDPR is a foreign law that has no relevance to American firms lol.

<insert Saruman "you have no power here" meme>


> GDPR is a foreign law that has no relevance to American firms lol.

I couldn't agree more with the spirit of your comment, but sadly the reality may be somewhat more nuanced:

GDPR in the USA https://www.cookiebot.com/en/gdpr-usa/

"The GDPR has extra-territorial scope, which means that websites outside of the EU that process data of people inside the EU are obligated to comply with the GDPR. ... In fact, the very first GDPR enforcement was against a Canadian company... being a website in the US does not exempt you from GDPR compliance and the territorial distance will not protect you from its enforcement either."

Reminded me of:

CISA amendment would allow US to jail foreigners for crimes committed abroad https://www.theguardian.com/technology/2015/oct/22/cybersecu...


There's no sadly here, it's the opposite. In your world Facebook could still abuse Europeans' privacy.


In my world, I would not be committing a crime if I, someone who has never stepped foot in Asia, criticised the Chinese Govt.

https://www.axios.com/china-hong-kong-law-global-activism-ff...


In other news, a company selling a GDPR compliance service is trying to scare companies into buying their service. Shocking to see!

In reality, a US business with no EU presence only has to follow US laws. The only "enforcement" power the EU has would be to order the website to be blocked in the EU, and I'm pretty sure they can't even do that.



