Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you could actually access their Salesforce instance, that would be very nerve wracking for founders, since usually Salesforce, etc, logs emails which may continue unannounced fundraising plans or M&A plans that haven’t been shared externally by portfolio company founders.


Collecting the keys from a public source-code of a web page is legal (and can be safely reported).

Using these keys to access unauthorized systems is a crime.

This is a major difference.


Oh no CRIME! Thank goodness that something being a crime stops people from committing them.

Thank goodness the internet isn't an international operation filled with nation state level actors and questionable companies running data gathering operations from places they cannot be touched.

Always assume your data has been stolen by an assailant in a place that's only reachable by launching nukes at them. Also assume there is some competitor on the other side of the world now using your data against you.

Please stop treating data theft like Barney Fife level candy store theft. A huge portion of the time even if you know the name of the exact person who did it, there isn't going to be shit you can do about it.


Parent comment never suggested it was legal. They said it would be bad if this info was in their SalesForce and they leaked the key, which they did.


How can it possibly be a crime? They literally gave the keys to everyone who accessed their website


You (unintentionally) drop your house key in front of your door. Now we can all freely enter your house! It can't be trespassing with the key sitting right there, can it?


Totally agree, and if you think like that, then a SQL injection is just an undocumented public entry-point ¯\_(ツ)_/¯


It would also be pretty damaging if it includes their LPs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: