Dude...Where's my data?
IF this included medical dispensaries, How about thousands of HIPAA violations on top of the normal data breach stuff....
A tech biz specializing in software for marijuana dispensaries inadvertently exposed to the public internet a database containing tens of thousands of mellow Americans' personal information. The leak-busting team at vpnMentor took credit for unearthing the unprotected Amazon Web Services S3 storage bucket, owned by THSuite, a …
S3 major breaches list: https://github.com/nagwww/s3-leaks
This post has been deleted by its author
More important than the data breach itself, what the fuck is the poor girl in the header image smoking? Why the fuck do yanks insist on smoking their greenery in those brown skins? Are they liquirice flavoured or has someone dropped it in a mug of coffee and then left it drying on the radiator? And don't get me started on those vile flavoured blunt things that are more like a slighlty moist camping mat than a proper Vera.
The only reason to roll anything in a flavoured skin is if the stuff you've been sold tastes like flaming dog shit when you spark up. And if it does, then you need to sort out your supply chain, not attempt to mitigate the taste by wrapping it in a bubblegum flavoured rattan mat. Fucking Philistines.
Have the yanks yet to be introduced to the gold standard of rolling materials, the silver Rizla?
"what the fuck is the poor girl in the header image smoking?"
Look up RAW brand papers. Made from the purest unbleached hemp fibers, so you're not ingesting anything that you hadn't planned on ingesting. Not that I'd expect a typical stoner to give a rat's ass ... they certainly don't bother looking up their options for themselves. "Too much trouble, man, I'll just stick to what my "friends" told me. They've been pot-heads for decades, so obviously know everything there is to know on the subject."
Apparently the mind is a terrible thing, so let's get wasted ...
This post has been deleted by its author
Sounds like the typical situation when the typical developer is let loose with security settings... because access to the world is not the default.
Of couse all applications absolutely require full adminstrator level access to the entire local system. And to the database. And to the domain too, just in case. This is much easier than a developer thinking and working out the absolute mimimum access rights that are necessary and assigning just that and nothing else particularly when security is something that can be cobbled into a system later if remembered. It's also very important when doing this that the super-administrator fallback support password is safely encoded using ROT26 for all applications. In the application itself.
Considering that Amazon rolled out their bucket security checker late last year (see: El Reg coverage), how could this [apparently utterly incompetent] IT department allow this to happen? Without someone's head rolling into the gutter like a 'good' day in the French Revolution??
Seriously, not just standard-level incompetence but complete and world class considering the warnings both in tech news and via Amazon's AWS email updates (got one myself).
But we know that putting all our data on the cloud run by clowns, sorry, that should read 'large corporations who promise our data are all highly secure and can never be hacked, lost, or released to the world - until it is', is totally and entirely safe. I for one trust AWS, Google, IBM and the other one who I've forgotten, to be entirely trustworthy and responsible, despite all the evidence to the contrary. Why should I feel any concern about the publication of all my information anyway? What's the worst that can happen?