Monday, September 17, 2018

That's one way to make a breach worthless

tweeted by jonny sun

In information security you may hear the term data minimization. It's a principle that says the less data you collect, the less value you pose to an attacker. For example, if a database doesn't have credit card numbers in it then it won't be very useful to carders.

If you can't add any data to an account (perhaps because you can't log in in the first place) then that seems like the principle of data minimization has been followed (even if that wasn't the intent).