this post was submitted on 25 Jul 2025
567 points (98.1% liked)
Technology
73232 readers
4264 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The bigger problem is trying to get the mainstream that would read an article like that to understand the technical difference between hacking and accessing unsecured data.
One of the definitions of hacking is illegally gaining access to a computer system. It doesn't need to involve any sort of exploit. Stealing from an unlocked home is still stealing. Gaining access to a system by phishing is still hacking. Leaking data that is technically publicly accessible that isn't meant to be publicly accessible is still hacking.
Not that I suspect anything good from 4chan but the proper thing to do would be to disclose to Tea that their data is public and allow them to fix the problem. The ethics of vulnerability disclosure still apply when the vulnerability is "hey you literally didn't secure this at all."
This reminded me of an anecdote from maybe 6 years ago. I was setting up and testing a small network and a couple devices to install for a customer, let's say the subnet was 192.168.2.0/24.
Weird things were happening, I was being lazy and wasn't directly connected to the network, may have setup a VPN between devices somewhere; can't really remember. But pings would sometimes drop or blow out to 100's ms.
I eventually ended up disconnecting that network entirely, then the pings continued and got more stable?? WTF! I need we didn't have that subnet in use, even checked before setting it up. In the time between checking and the issues happening, someone in Sydney somewhere had stuffed up on their router and exposed there LAN to the internet without any Firewalls, just available.
Scanned and found all the IPs in use and in them found a printer. Connected to it and printed a page saying I'm from company XYZ and found all these devices available, and to either contact their IT and resolve it ASAP or my company to help. About an hour later it seemed to be resolved.
It was an interesting day.
Uh... you can't just "expose a LAN network to the Internet" in this manner. Local subnets aren't routable over the Internet, so you can't just enter 192.168.2.3 and end up on somebody else's private LAN.
https://www.geeksforgeeks.org/computer-networks/non-routable-address-space/
They would have needed to either have all their internal devices being assigned public IP's or had NAT+firewall rules explicitly routing ports from their outside address(es) to the inside ones. The former is unlikely as normally ISPs don't allocate that many to a given client, or at least not by DHCP. the latter would require a specific configuration mapping the outside addresses/ports to inside devices, likely on a per device+port basis.
Either your story is missing key details or you've misunderstood/made-up something.
The storage facility concept is kinda close, if you count it as "a storage facility beside a major intersection in a big facility, with the locker doors left open despite meant the warning at the front desk not to do so"