Equifax lost millions of credit files, no consequences for them.
The US government lost the completed forms that people who want a security clearance have to fill out and that list all their hidden skeletons (they must disclose them in the form so the govt can assess the likelihood of them being successfully leveraged by an enemy) and nothing changed[0]:
> In 2018, the OPM was reportedly still vulnerable to data thefts, with 29 of the Government Accountability Office's 80 recommendations remaining unaddressed. In particular, the OPM was reportedly still using passwords that had been stolen in the breach. It also had not discontinued the practice of sharing administrative accounts between users, despite that practice having been recommended against as early as 2003.
Not to mention the breaches happening at regular intervals. I’m concerned about them and even I can’t remember them.
People don’t care. It happened too many times. It’s too abstract for a lot of people just like “Facebook and Gmail can read my messages, nothing to hide”. There is little to no penalty for not being secure enough/getting breached.
99% of customers won’t care, because they will only briefly see the news, this hack did not harm them, they don’t care that much about security of an app and they don’t have a good alternative.
The impact of such incidents on company reputation and revenue is often exaggerated.
A few customers will have strong negative opinions "I was waiting at the airport in the rain for four hours!" but most people will indeed shrug this off. It's a much different issue than what happens when payment systems are compromised.
A lot more people care if they're informed their credit card was stolen and told to carefully watch statements for the next month - that leverages a real PITA cost on the customer.
Yandex had already leaked ALL data about their food delivery customers, including addresses and names. Didn't hurt them a bit since they're a monopoly. (It used to be a duopoly, but they're acquiring the only seriously competing service now).
When you're a government controlled corporation in an openly fascist state, you couldn't care less what your customers think.
That's got nothing to do with what we're talking about.
The first comment didn't say they should have spent more time on security, it said they should have spent time creating a system to detect if too many taxis were in one spot.
I think we can all agree that security is valuable and should be prioritized, but spending time worrying about how to stop who is already in your system from sending all the cabs to the wrong place seems like a waste of time.
Hell, IF (big if) the worst thing a hacker could do once they had access to YandexTaxi's servers is send a bunch of cabs to the wrong place, you could almost spin that in a positive light. "We spent so much time protecting customer data that all they could do is send our drivers to the wrong place".
It is hard to make a solid argument about perceptions. Is it possible that non-technical people would perceive the ability to send all the drivers to one location as a big security problem, even though it doesn't really require any conventional security issues? Maaayybeeee. "Hacks" that intrude into the real world do have a bit of an over-inflated appearance of importance after all.
Maybe they managed to also steal or encrypt data, and now the media attention in a sense helps the hackers claim extortion money? Since the showlights are now on that company?
True, but going back to the original argument, if hackers did manage to steal data, that makes the idea of spending time trying to prevent all the taxis from being sent to one place even stupider. In the world where YandexTaxi had extra time to spend on something, they should have spent it on securing their data better.
All your customers thinking your app isn't secure any more isn't "low pain".