5·
3 months agoI don’t see any reference to 2023 in that article, but this:
Pornhub has not worked with Mixpanel since 2021, which means that the stolen data would be from that year or earlier
chuso
Previously at @chuso
- 0 Posts
- 3 Comments
Joined 1 year ago
Cake day: November 13th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Sorry, but I don’t think we’re emphasising enough that Pornhub shared details of its users, such as their search history and watched videos, with an external company and that external company kept that data for over four years after their relationship ended.
Yeah, the key seems to be in the comments from one of the changes: https://github.com/jellyfin/jellyfin/commit/0581cd661021752e5063e338c718f211c8929310#diff-bcc2125e56d5738b4778802ac650ca47719845aeee582f3b5c9b46af82ea9979R1176-R1180
It seems there was the potential risk that insufficient validation could allow reading arbitrary server files, which indeed poses a security risk.
However, my understanding is that this could be exploited only by authenticated users with permission to add new media. Not like that’s a risk to ignore, but it’s not like it could be exploited by anyone on the Internet.