My point stands. You are apparently mistaking the act of breaking encryption (hard), with breaking into the website (easy). If it is so easy, however, why not have more? Or all? Why essentially beg for money to continue an operation that supposedly was a simple SQL injection?UrKnightErrant said:blah blah blah
The "there's all this data sitting there unprotected, but we can't get more unless we have more money" line seems to ring a little false to me. Then again, they basically said "Here's how we did it, go enjoy yourselves", which may or may not lend credence to their claims. I've no intention of verifying it for myself, after all.
And frankly, I expect that it WAS just sitting there in plaintext for the most part. It's hardly uncommon, sadly, even the lack of protection for the passwords. At least the credit card info was encrypted and/or inaccessible. Which is more than Rhode Island can say.