I was of a firm belief that Google and Apple will never be breached. They might be bad at privacy but they are good at security. First time for everything.
This was not a breach of iCloud, this was a breach of specific user accounts, as in the user’s passwords were guessed or the user gave the attackers their password through social engineering.
Google has 182k employees as of 2023 (at least according to Wikipedia). There’s no way to have that many people and not have one slip up once in a while.
isn’t that still, by defnition, a breach of the company’s data?
In a sense, kind of. But it doesn’t demonstrate penetration of infrastructure built and maintained by Google. So there’s perhaps a judgment issue, but not a demonstration of their own security capabilities being compromised.
I was of a firm belief that Google and Apple will never be breached. They might be bad at privacy but they are good at security. First time for everything.
Let’s not forget that Apple iCloud was breached in 2014: https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak
This was not a breach of iCloud, this was a breach of specific user accounts, as in the user’s passwords were guessed or the user gave the attackers their password through social engineering.
Ah yes, the Fappening, great times
Google has 182k employees as of 2023 (at least according to Wikipedia). There’s no way to have that many people and not have one slip up once in a while.
Important stuff is usually handled by few of them.
Few thousand*
FTFY
Google was also breached in Operation Aurora (2009), although a much more targeted breach:
https://en.wikipedia.org/wiki/Operation_Aurora
TIL
But did they? It looks like Salesforce was breached, where Google stored details of businesses, or did I miss something?
If a company uses an insecure vendor that gets breached, isn’t that still, by defnition, a breach of the company’s data?
If you outsource your security to a less-than-reputable company, don’t be surprised when you get less-than-reputable security.
In a sense, kind of. But it doesn’t demonstrate penetration of infrastructure built and maintained by Google. So there’s perhaps a judgment issue, but not a demonstration of their own security capabilities being compromised.
Yes. It may deflect some of the legal responsibility, but it’s still more of a “how they got breached” than “they didn’t get breached.”
i doubt that anyone is immune.
I know but these are the guys I would trust with my data (security wise)