When someone gets their data stolen, who gets blamed? The thief? No, we blame the victim.
Even worse is the language.
“They didn’t encrypt their data, they were begging to get hacked.”
“Look at their password policy, no wonder they got hacked.”
Now, let us *slightly* reword that…
“She was wearing sexy clothes, she was begging to get raped.”
“Look at how drunk she was, no wonder she was raped.”
I am *not* saying the two crimes are even close to comparable, but the language is.
*Should* companies be careful with their data? Yes. Because outside of criminal acts, it helps guard against accidental, unintentional leaks.
But this victim-blaming shit has to stop.
When we make it okay to blame the victim of one class of crimes, we make it okay to blame the victim of another class of crimes.
Language matters. Stop victim-blaming. It’s wrong.
The fault of a crime is the criminal’s. Period.
and stop glorifying breaking into shit because of “pure” intent.
That’s not being a good guy. That’s not being a white hat. That’s not being a security professional.
That’s called extortion, and it’s a crime as well.