I’ve had a few people point me to this story (linked below), some legitimately concerned and some simply pointing it out, and I wanted to take a moment to add my $0.02 worth. The facts in the story, vendors handle information differently and, as such, classify different sets of infomation with different levels of significance / importance / etc. In this case, the reader (and a large number of other people) have determined that, using infomation from entity a, they can garner information from entity b and with the aggregate of that information do nasty, nasty things. This is completely accurate and true, so the story isn’t a farce, but this has been the case forever (I’m using ‘forever’ here in lieu of any real statistics) and will likely always be the case. In this case, it was determined that Amazon gave an unauthorized user access to [what Amazon thought was] trivial information but the attacker was able to use that nibblet of information to gain access to an Apple iCloud account. I suspect that the ‘attack’ was carried out under very controlled conditions and likely worked flawlessly. However, it asumes that the attacker knew that the victim a) had an Amazon account and an Apple iCloud account, b) the same email address was used for both and c) the attacker was looking for something stored in the iCloud account or available with the aggregate information gathered when looking at the two in this context. My thoughts, it would be easier to go dumpster diving behind a shotty medical facility if I just wanted to steal some identities. Otherwise, unless it’s a high-value target, it just wouldn’t be worth the trouble. Again, just my $0.02 worth, adjusted for inflation and taxed.