Comment by redeeman

no, thats not the same. If you for example leave your front door open, and the insurance finds out, do you think they will be doing "victim blaming" ?

so lets turn this logic around on those megacorps that leaks personal data, suppose they run an open postgres or mongodb with ALL the customer data, no password or default password, on the open ipv6, is it victimblaming to go after them for this? after all, its the big bad criminals that stole the data?

the truth of the matter is that yes, the ones that take the data are criminals, but so are the one that doesnt take proper pracautions.

Have you actually seen how these infrastructure things operate? many of them have open scada systems directly coupled to the internet. Many of them have sms gateways that just accepts messages from _ANY_ phone number to issue shutdowns.

I know because I have been brought in to look at some of those things as a consultant