Forward to next post: Reference: athletic body diversity
Jim, this is irresponsible.
Granted, not very irresponsible because even the megaphone of Making Light pales in comparison to Business Insider, but still the natural inference from the post is that DropBox’s password database was compromised.
And that’s not true. Not at all true.
What event triggered the Business Insider story, and therefore this ML post? DropBox informed some of its users that they, the users, had apparently been careless and re-used their DropBox password on other sites. (which had been hacked)
You know what? DropBox didn’t have to tell its users that - everyone knows that the way a service with login and password knows that you are who you claim to be is with the login and password, and DropBox is going above and beyond by detecting activity that seems suspicious despite the use of the correct login and password.
In other words, the reward for DropBox implementing better-than-average security practices is the implication that they’ve been hacked.
People who implement poor security practices should be called out for doing so. Actual hacks should be publicized, and an article that advised one to change the email address one uses with DropBox - or being aware that that email could soon be hit with lots of spam - that was written based on the DropBox employee’s account compromise would be fair game.
But the remainder of the underlying facts show DropBox being good and upfront about security, and getting attacked for it. It’s as though a reporter wrote about a police district’s horrible crime wave when the facts on the ground were that the new police chief had stopped the earlier practice of fudging the official stats. (Except it’s even a more clear-cut case of reporter malpractice here)
I expect Business Insider to commit this kind of error; more precisely, I don’t respect them enough to care when they do.
Making Light, though, I respect, so this kind of carelessness cuts deep.