Authy got hacked, and 33 million user phone numbers were stolen - eviltoast
  • sudneo@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    I am a security professional. I would personally not care less to make the distinction, as both are very generic terms that are used very liberally in the industry.

    So I don’t see any reason not to call this hacking. This was not an intended feature. It was a gap, which has been used to perform things that the application writer did not intended (not in this form). If fits with the definition of hacking as far as I can tell. In any case, this is not an academic discussion, it is a security advisory or an article that talks about it.

    • Freefall@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      I was gonna say, we use hacking as a term for a lot of things, even is something like cracking is more accurate. It is like Clip vs Mag in firearms…when you say clip EVERYONE knows what you are talking about.

    • NateNate60@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      6 months ago

      I’m not someone who works on the practical side of security, but as a computer scientist, I do not agree that it is “hacking”. That contradicts my understanding of “hack” versus other types of exploits, but you are correct that the distinction is generally not that important. A security problem is a security problem regardless what it’s called