Could include email addresses, credit card numbers, etc.
A single user choosing a bad password and having their data stolen doesn't count; it must be Manifold's system at fault.
Breaches that occurred prior to this market's creation do not count.
Mira has submitted https://manifold.markets/Mira/will-manifold-leak-everyones-privat-b91cb81a49c8 as evidence that this should resolve YES. Any objections?
called it https://manifold.markets/IsaacKing/will-manifold-experience-a-serious
I think it's debatable, but lean yes? I think the attempt to pretend that my suggestion wasn't what they meant, laundered behind a joke, wasn't ideal conduct.
@IsaacKing just to make sure I'm understanding what happened here. This market was made a long time ago, information leaked in mid August, and then we only realized it applied to this market today?
And to be extra clear, nothing new has leaked since the linked market in August?
@zzlk I have not been informed of any new leaks, no.
(I was absent from the platform for ~4 months, so I was unaware of the earlier leaks until Mira told me.)
@IsaacKing wish that this wasn't sufficient for a resolution, I was really looking forward to what'd be presented next by Mira
Would you say the "security breach" is more important, or the "leak of people's personal information"? Is there a minimum "difficulty level" required?
i.e. suppose Manifold puts up an endpoint "/v0/credit-card-number" or starts putting email addresses in the API responses. Would that resolve this positively even though it was intentional and requires no 'hacking'?
Or if they unintentionally include email addresses in the output, patch it, but it's not like a targeted attack from a hacker - they just were careless and gave it out? Maybe it wouldn't be "serious" just because it's so easy to do.
@Mira a security breach does not have to be initiated or even exploited by someone external to be a serious breach imho.
Say that a backup of the database containing emails was inadvertently made public, and someone in the team figures it out and takes it offline before anyone downloads it, I'd still count that as a serious breach.
@Mira That all sounds like it would count. If they unintentionally expose user data that's still a "breach", even if it's not a "hack". If they do it intentionally... that would be weird, but I guess it still counts.
Maybe (probably not) you're talking about unlisting private markets and revealing some of them? I think it's debatable if that's a security breach.
@jacksonpolack I mean it's written in JavaScript right? Even if I don't have anything now, what are the chances that it goes a whole year without getting hacked?