Hacker News | onehoof's comments

"Dropbox" and "Security" are pretty much opposing terms. Remember this is the same company that when faced with a login bug, chose to disable password authentication so that anyone could log in as anyone else instead of shutting the service down until it was fixed.


Name one company that's gone out of business because of a security problem, or even had their business significantly impacted. I can't. I'm sure if you dig you could find one, but I'm not aware of one off the top of my head.

Until this sort of thing matters to users, nothing will change.


Let's see...

TJ Maxx, UBS, Knight Capital, Heartland Payment Systems, Visa, Sony (already mentioned, but it's my fave), Stanford, countless other hospitals, e-commerce vendors, banks, and other organizations that handle payment or personal information.

If you want to say "name a startup that's gone out of business because of a security problem" I'll let you away with that. There are still instances, and I'd love startups to pay more attention to security, but I know reality as well...


http://en.wikipedia.org/wiki/Bitcoin#Theft_and_technical_vul... has quite a few startups going down due to security issues.


How exactly has Stanford had its business impacted due to a security breach? I'm only thinking in terms of people wanting to apply, and I can't imagine how that'd be a deterrent.


Stanford's a little more than a college. There have been at least 5 HIPAA breaches, with at least 70k people's information compromised.

http://www.healthcareitnews.com/news/stanford-reports-fifth-...


To go a little further - at a glance, it's not clear if they've been fined yet or not, but either way there are soft costs to all of this - being in the news in a negative light, some patients will go elsewhere, their insurance premiums are going to go up as a result of the breaches, etc.


What was Knight Capital's security problem?


Last year when KC shot themselves in the face, they were running trading algos that hadn't been well tested. When dropped into production, things blew up fairly quickly.

I probably should have left it off the list, it's more of a compliance/procedural issue than purely infosec.


They had nothing to do with security. The GP was stretching a fair bit to try and make a point.

They had an issue with deploying... supposedly :) They still haven't come out and said exactly what the issue was.


Sony: http://www.computerworld.com/s/article/9216926/PlayStation_N...

You can quibble about the numbers; the article doesn't come out and say it but the exact number may have been subject to some accounting shenanigans (probably the fully-legal kind, but that still leaves leeway). But it did cost them, both money and reputation.

That said, I tend to agree with your general point. But companies don't quite get off entirely without consequence... it's just rare enough that it's more like a bolt from the blue than a reliable penalty.


I think they factored into the cost the two free games and identity theft protection that they voluntarily offered.

The two free games were nice too. They gave us choices from top rated titles.


I bet the recent Developer Site outage had a business impact for Apple. Might be impossible to measure though.


Lavabit?


hb gary federal

sony

google

rsa

epsilon

saic

tricare

tjmaxx/marshalls

lifelock

hannaford

U.S. department of Vet affairs


man how'd I forget hb gary...that's my other favorite


DigiNotar


GlobalSign and any other certificate authority that was hacked.

