So it only took like four years, but now we know.
And maybe someone can explain why in 2016 we’re all first finding out the scope of older breaches like this one and LinkedIn, Tumblr, and MySpace, to name just some. Were people not putting hacked data up for sale for years while they misused it? The breached companies often said there was no evidence of real misuse. So why were these data not on the black market and just collecting cyberdust until now?
And what does this say, if anything, about the forensics investigations that had been conducted that they never uncovered the scope of these breaches? Or did they, in some cases, but the entities decided to report smaller figures?
There’s a lot we don’t know that would be helpful to know.