Sean Sposito reports on why Thomas White, who posted the Patreon data dump on his site, TheCthulhu.com, refuses to take it down.
Despite the legal risk, White said, the public has a right to know exactly what data has been exposed — and researchers should be able to safely examine it to find out how it happened.
Could white be in legal jeopardy as a result of his actions? Yes, and the fact that he is in the U.K. may not protect him.
White said that in the past week, he has received one take-down request from a nonprofit focused on Internet security, but he has no plans to comply.
“At the moment, I do have intelligence that there is a sealed indictment filed against me by the FBI in one of the U.S. federal courts,” he said, over an encrypted phone call, in a heavy accent.
Read more on San Francisco Chronicle. Like Troy Hunt, I have concerns about what White has done. Although I understand and appreciate his argument that the data are already out there and he’s facilitating research, the reality is that he’s making access to the stolen data easier for people who might not otherwise go searching for it. Should his act be viewed as criminal, though? I don’t think so.