Originally Posted by ponderingturtle
In their defense, they were really terrible at programming, network security, and data encryption, but if it helps, they also lost their services so fast I don't think they had a chance.
From what I've read in a few spots, it sounds like their 2FA and email verification provider stopped providing them the service. This meant accounts could be created without any registration process at all. Someone used that to figure out how to create an account with admin
privileges (I still haven't figured that one out) and then scripted it to make a ton of admin accounts, which have the perms to download everything. They also never actually deleted posts that were "deleted" through the app, they just changed the visibility bit to false. Meaning nothing was ever really deleted and people "verified" their accounts using their state issued ID's. It's just terrible all around.
The right move would have been to just shut it off once you realized your services vendors were dropping you. They didn't, now they'll pay the price.