Users are waking up to discover OpenAI leaked their data this morning via a faulty third-party plugin. Here's what you need to know.

cross-posted from: https://discuss.online/post/31211123

I honest to fucking God don’t understand how cybersec is so fucking bad that there are so many damn data breaches that I lost count. I had a few accounts on chatgpt (that I dont use anymore) but they are all compromised now…

Just what the fuck is this shit? Are they done by lone actors or cybercrime gang? Or are they state actors or state-backed actors? Or are they inside jobs to allow the company to sell data illegally to make more money? Flock has admitted to using data from data breaches to their system.

You also notice how rarely you hear about cybercriminals getting caught? It’s almost like if you take even a minor bit of opsec you can get away with anything.

  • ArmchairAce1944@discuss.onlineOPEnglish
    318·
    1 day ago

    Don’t they discover them and track down who they are? If a group of jackass hackers (self taught or otherwise) are always trying to break into a system and failing a few times before getting in, wouldn’t the defenders be able to trace something about where those people are? Like is it really that dumb? Are defenders really a bunch of keystone kops driving around in circles and bumping into walls?

    • null@piefed.nullspace.lolEnglish
      11·
      1 day ago

      wouldn’t the defenders be able to trace something about where those people are?

      Not necessarily or trivially.

    • CentipedeFarrier@piefed.socialEnglish
      101·
      1 day ago

      Even if they did track them down, then what?

      The world is huge, it’s unlikely that a particular attacker is going to be from the same country, so how are they going to do anything about it, really?

      The victim can report to the government local to the hackers, but that local government is under no real obligation to do anything about it.

      • mjr@infosec.pubEnglish
        4·
        1 day ago

        The victim can report to the government local to the hackers, but that local government is under no real obligation to do anything about it.

        And given this, why would most companies keep paying their defenders to hunt them down once the trail seems to end in a foreign country?

        Defence is seen as a cost that reduces other costs, rather than something which will pay back, so I suspect it only happens if the company doesn’t have other work for the defenders to do (rare) so they might as well work on this as be paid to do nothing, if they think the attackers may return so they want to learn as much as possible about them for future defence (depends on what they did and who they it seems they may be), or if the government where the company is based steps in to fund the hunt for some reason (maybe political).

      • ArmchairAce1944@discuss.onlineOPEnglish
        18·
        1 day ago

        I find it difficult to believe that all attackers are necessarily from different countries. There was a breach in Canada some years ago when a bank lost tons of information and was hated for it. The hackers were in canada and it was on the news when they were finally caught. But that was an exception and not the rule.

        • Danquebec@sh.itjust.worksEnglish
          2·
          19 hours ago

          It was a credit union, and it was an insider leak.

          Or you’re thinking of another financial institution in Canada that lost a lot of information and whose reputation suffered as a result.

        • CentipedeFarrier@piefed.socialEnglish
          7·
          1 day ago

          I don’t recall saying all attackers were necessarily from different countries, because that’s not true at all. I said it’s unlikely they are from the same one, because statistically that is true.