portrait picture

TIMO ZIMMERMANN

balancing software engineering & infosec

Blaming the user is the small scale version of nation state attacks

posted on Jan. 4, 2019, 11:15 a.m. in breach

Another week, another data breach. Another account compromised. When you follow the news closely and maybe subscribe to HaveIBeenPwnd or if you follow Troy Hunt on Twitter you have a rough idea of the big breaches happening. What you likely do not see often are individual accounts being compromised, except for some high profile personalities. One of the things I see showing up more often on Twitter the last few months are statements that blame users for compromised accounts. While users might sometimes make it pretty easy to compromise an account, blaming them is more often than not the equivalent of companies screaming "nation state actor" when they exposed their database with unencrypted passwords to the Internet.