https://www.pcmag.com/news/patreon-lays-off-its-entire-security-team
Top Poster of the Day:
911roofer
Current Registered Users: 30,838
tech/science swag. 
Guidelines:
What to Submit
On-Topic: Anything that good slackers would find interesting. That includes more than /g/ memes and slacking off. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual laziness.
Off-Topic: Most stories about politics, or crime, or sports, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably lame.
Help keep this hole healthy by keeping drama and NOT drama balanced. If you see too much drama, post something that isn't dramatic. If there isn't enough drama and this hole has become too boring, POST DRAMA!
In Submissions
Please do things to make titles stand out, like using uppercase or exclamation points, or saying how great an article is. It should be explicit in submitting something that you think it's important.
Please don't submit the original source. If the article is behind a paywall, just post the text. If a video is behind a paywall, post a magnet link. Fuck journos.
Please don't ruin the hole with chudposts. It isn't funny and doesn't belong here. THEY WILL BE MOVED TO /H/CHUDRAMA
If the title includes the name of the site, please leave that in, because our users are too stupid to know the difference between a url and a search query.
If you submit a video or pdf, please don't warn us by appending [video] or [pdf] to the title. That would be r-slurred. We're not using text-based browsers. We know what videos and pdfs are.
Make sure the title contains a gratuitous number or number + adjective. Good clickbait titles are like "Top 10 Ways to do X" or "Don't do these 4 things if you want X"
Otherwise editorialize. Please don't use the original title, unless it is gay or r-slurred, or you're shits all fucked up.
If you're going to post old news (at least 1 year old), please flair it so we can mock you for living under a rock, or don't and we'll mock you anyway.
Please don't post on SN to ask or tell us something. Send it to [email protected] instead.
If your post doesn't get enough traction, try to delete and repost it.
Please don't use SN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity. If you want to astroturf or advertise, post on news.ycombinator.com instead.
Please solicit upvotes, comments, and submissions. Users are stupid and need to reminded to vote and interact. Thanks for the gold, kind stranger, upvotes to the left.
In Comments
Be snarky. Don't be kind. Have fun banter; don't be a dork. Please don't use big words like "fulminate". Please sneed at the rest of the community.
Comments should get more enlightened and centrist, not less, as a topic gets more divisive.
If disagreeing, please reply to the argument and call them names. "1 + 1 is 2, not 3" can be improved to "1 + 1 is 3, not 2, mathfaggot"
Please respond to the weakest plausible strawman of what someone says, not a stronger one that's harder to make fun of. Assume that they are bad faith actors.
Eschew jailbait. Paedophiles will be thrown in a wood chipper, as pertained by sitewide rules.
Please post shallow dismissals, especially of other people's work. All press is good press.
Please use Slacker News for political or ideological battle. It tramples weak ideologies.
Please comment on whether someone read an article. If you don't read the article, you are a cute twink.
Please pick the most provocative thing in an article or post to complain about in the thread. Don't nitpick stupid crap.
Please don't be an unfunny chud. Nobody cares about your opinion of X Unrelated Topic in Y Unrelated Thread. If you're the type of loser that belongs on /h/chudrama, we may exile you.
Sockpuppet accounts are encouraged, but please don't farm dramakarma.
Please use uppercase for emphasis.
Please post deranged conspiracy theories about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email [email protected] and dang will add you to their spam list.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, report it and our moderators will probably do nothing about it. Feed egregious comments by replying instead of flagging them like a pussy. Remember: If you flag, you're a cute twink.
Please don't complain about tangential annoyances—things like article or website formats, name collisions, or back-button breakage. That's too boring, even for HN users.
Please seethe about how your posts don't get enough upvotes.
Please don't post comments saying that rdrama is turning into ruqqus. It's a nazi dogwhistle, as old as the hills.
Miscellaneous:
The quality of posts is extremely important to this community. Contributors are encouraged to provide high-quality or funny effortposts and informative or entertaining comments. Please refrain from posting the following:
Boring wingcucked nonsense nobody cares about that belongs in chudrama
Normie shit everyone already knows about
Anything that doesn't gratifify one's intellectual laziness
Bimothy-tier posts
Anything that the jannies don't like
Jannies reserve the right to exile baby ducks from this hole at any time.
We reserve the right to exile you for whatever reason we want, even for no reason at all! We also reserve the right to change the guidelines at any time, so be sure to read them at least once a month. We also reserve the right to ignore enforcement of the guidelines at the discretion of the janitorial staff. This hole is a janny playground, participation implies enthusiastic consent to being janny abused by unstable alcoholic bullies and loser nerds who have nothing better to do than banning you for any reason or no reason whatsoever.
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
/h/slackernews SETTINGS /h/slackernews MODS /h/slackernews LOG /h/slackernews EXILEES /h/slackernews FOLLOWERS /h/slackernews BLOCKERS
Jump in the discussion.
No email address required.
lol I hope they are at least outsourcing it or something. This is a terrible decision but not surprising. Most companies don't appreciate security people until shit goes down, they get hacked, and then they are apologizing. It's the same with operations people. They normally have nothing to do if things are running smoothly, and they are the reason it runs smoothly, but then they are stressed beyond belief when something happens and then they are appreciated. Same shit happens to security people.
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
It's crazy that these companies see major hacks making the news and then roll the dice by cutting security. That is some Grade A
shit
Jump in the discussion.
No email address required.
I just heard through the grapevine that they are outsourcing their security, but still you never get the quality you get with on-site staff.
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
More options
Context
One major economic change that’s happened in the last 20-30 years is that the majority of stock is owned by investment firms selling funds (Vanguard, Fidelity, Blackrock, etc) rather than individual shareholders. This means that all of their investors will be pushing them to do risky shit, because if they’re invested in 2000 different companies and can get all of them to cut their operating expenses by 5%, even if a few dozen get hacked and go out of business it’s still a net gain and the fund’s value will go up.
Jump in the discussion.
No email address required.
Letting the people own the means of production is bad now? you commies are never happy
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
They won't be able to pass the PCI-DSS compliance audit (once per year, if i remember correctly).
build and maintain a secure network and systems,
protect cardholder data,
maintain a vulnerability management program,
implement strong access control measures,
regularly monitor and test networks,
maintain an information security policy.
Jump in the discussion.
No email address required.
More options
Context
Outsourcing is exactly what those twats did. The same shit happens to IT staff in general
Jump in the discussion.
No email address required.
Yup, and their security will become worse because of it.
Instead of having a team dedicated to cyber security on their payroll, who's sole job is managing and monitoring Patreon. They'll hire out to some firm in India, where they're just another number out of thousands of companies.
You would think a company like Patreon, whose sole business is online and deals with transactional payments, would be a bit more dedicated to security.
Jump in the discussion.
No email address required.
quit being
-phobic
Jump in the discussion.
No email address required.
More options
Context
More options
Context
yeah just heard through the grapevine that they are outsourcing for sure. idk if that's a great idea for security, but if some idiot suit is in charge, I know that there has been a hard push to hire MSPs over on-site staff in the last few years.
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Its the same for all IT roles in big corps.
The best we can ever do is “be operational” for us if everything is perfect by design no one should notice. The second something goes down or fails its defcon 1 and Operations people get a tiny glimpse into how much IT infrastructure is used in day to day work.
But you can bet the second the problem is fixed they’ll forget about it.
Jump in the discussion.
No email address required.
More options
Context
Paying for a few PR people to sweep breaches under the rug is cheaper than a single security person. It’s not that surprising some middle exec thought this was a good idea.
Jump in the discussion.
No email address required.
More options
Context
More options
Context