Hacker News new | past | comments | ask | show | jobs | submit login

> However leaving such a vulnerability exposed is so bad they deserve to get their entire database dropped (and in this case I hope they don't have backups).

I understand the feeling here, but no, they don't deserve to get their assets destroyed because of a lack of care.`




Why not? Destroying the company means they won't be there anymore to put everyone's PII at risk.


Because private property is a cornerstone of a free society?

You can't just destroy someone else's property because you have some personal anarchist notion of justice.

If they are really being negligent then they should face the proper penalties.


Well the issue is that there are no penalties. Only free money for lawyers and nothing for the people who got their PII stolen.

Dropping the DB means there's no more PII to leak, makes a pretty good financial penalty for the company and doesn't make millions for useless lawyers. That sounds like an acceptable solution by my standards.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: