GitHub sued for helping hacker in Capital One




Capital One and GitHub have been sued this week as part of a class action lawsuit filed in California for failing to secure or prevent a breach of security during which personal information of more than 106 million users was stolen by a hacker.

Although Capital One was named in the lawsuit because it was its data that the hacker stole, GitHub was also included because the hacker posted some of the stolen information on the code-share site.

A lawsuit claims that GitHub has not detected stolen data

The lawsuit says that "the decisions of the management of GitHub […] authorize the publication, display, use and/or availability of pirated data."

According to court documents, the stolen information on Capital One users was available from April 21, 2019 to mid-July, before being deleted.

"GitHub knew or ought to have known that pirated data had obviously been posted on GitHub.com," the lawsuit says.

Under California law and industry standards, GitHub had an obligation to maintain or delete Social Security numbers and personal information from its site.

The complainants believe that since Social Security numbers have a fixed format, GitHub should have been able to identify and delete this data, but chose not to, leaving the stolen information available on its platform for three months, until a bug hunter detected the stolen data and notified Capital One.

The lawsuit alleges that by allowing the hacker to store information on its servers, GitHub has violated the federal law on wiretapping. It should be mentioned that GitHub has never been prosecuted for violating the laws on wiretapping; this is only a charge laid in a civil case, which has not been proven yet.

A lawsuit claims GitHub has actively promoted piracy

The complaint also makes a bold statement: "GitHub actively encourages (at least) user-friendly hacking." It then links to a GitHub repository named "Awesome Hacking".

The plaintiffs may have difficulty proving that GitHub has encouraged hacking, because this repository is not associated with GitHub staff or management, but belongs to a user who is registered on the platform and claims to live in India.

There are thousands of similar GitHub repositories hosting resources and tutorials on hacking, pen testing, cybersecurity, reverse engineering, and engineering, none of which are illegal.

In addition, other sites like Pastebin or AnonFile are also abused in ways similar to how GitHub was abused during the Capital One breach, with hackers uploading stolen information to their respective servers or hosting hacking tutorials.

The lawsuit seems to gloss over the fact that it is users, not the platform itself, who are required to adhere to a platform's rules and terms of service.

Overall, the chances of GitHub being convicted are slim, because this is just a classic case of "guns do not kill people, people kill people".

Otherwise, Apple could be held responsible in the same way when a person uses an iPhone to commit a crime, or Microsoft when someone uses a Windows operating system to watch pirated movies.

But while Microsoft may have a case to convince the court to drop GitHub from the lawsuit, Capital One will not, and will have to defend its failures in cybersecurity before the courts.

The lawsuit stated that Capital One had already been the victim of security breaches in November 2014, July 2017 and September 2017.

The class action is available here. Newsweek and Business Insider first reported the lawsuit.

The hacker responsible for the Capital One breach, Paige Thompson, was arrested earlier this week. It is thought that she has hacked several other companies in addition to Capital One. The list includes Unicredit, Vodafone, Ford, Michigan State University and the Ohio Transportation Department.
