By now we all are aware that foodmandu was hacked and 50,000 customer data has been released. The numbers may vary because there has not been an official statement from the government or police.
Incidents like these are the best time to observe and understand the takeaway of players involved.
- Foodmandu: Foodmandu has at least attempted to be responsible by releasing statements and trying to be as responsible as possible. The statement mentioned that they have fixed the loophole. Foodmandu failed right there. Instead of telling us that they fixed the problem miraculously, they could be more specific and tell what went wrong. For example, they could say that “look we are running PostgreSQL 10.12 and we completely did not realize that it had a bug and needed update. Hackers used XYZ loophole in the version and accessed the data”. A statement like this would have made them more responsible and accountable to the community.
- The community: The same old rant “We support foodmandu”. Honestly, this does not come as a form of support to foodmandu. With Tootle, we have seen that the government gave them hard time with tax. But the community still supported and repeated the rant “We are with Tootle”. This is not really any support. The community could have been more responsible if they had said, we support foodmandu but also respect customer privacy. Whoever is the culprit either foodmandu or the hacker, must be punished.
- Government: Is there even a government counterpart in this ecosystem? No official statement, no information to the public. The most shameful entity in this incident.
Also Read: Asgar Ali Breaches into KathmanduPress.com
- Our technologies are not sound and secured. By using any of these innovations we are trading off our security and privacy.
- The startup ecosystem is not strong enough to admit that mistakes are made. Startups are none beyond the judicial system.
- Government still lacks technology and awareness to secure customer data.