In major goof, Uber stored sensitive database key on public GitHub page
arstechnica.comUber needs to accept responsibility and live with their mistake.
"Intruders"? Uber gave their permission when they uploaded the key to a public service (...a key to a publicly accessible database, nonetheless). Doesn't matter if it was accidental...Uber doesn't have the right to inconvenience another company (GitHub) with a subpoena because of their own mistake.
"The contents of these internal database files are closely guarded by Uber,"
Mmm, the evidence suggests otherwise.
The thing that I find particularly notable here is not that they stuck the key on GitHub, but that they are trying to subpoena GitHub for a list of everyone who accessed the gists in question. If allowed to do that, then that sets a precedent that's worth considering...
I don't get the dearth of coverage to this negligence. Company valued at $40B advertises it's crypto key and the world yawns.
"Goof". Is that what they are calling this nowadays?