When your business is getting people to spill secrets about their employers, you really can’t afford a slip-up like this. TechCrunch reports:
Blind left one of its database servers exposed without a password, making it possible for anyone who knew where to look to access each user’s account information and identify would-be whistleblowers.
And if you do have a slip-up, you need to handle it better than Blind apparently did: the company acted only when TechCrunch got in touch, rather than when researchers first informed it of the lapse. The report adds:
Kim said that there is “no evidence” that the database was misappropriated or misused, but did not say how it came to that conclusion. When asked, the company would not say if it will notify U.S. state regulators of the breach.