It can be both. The company can be at fault for not keeping something secure while the people who steal the data are at fault for stealing data. Data leaks and hacks are not mutually exclusive.
I don’t disagree with your main point, but I’m not sure it’s really even “stealing”, as that means to take without permission. In this case, the storage permissions were configured so that the files were publicly available to everyone, so everyone had permission to access them.
Semantics though. It’s still unethical to access that data, even if it’s not technically stealing.
It can be both. The company can be at fault for not keeping something secure while the people who steal the data are at fault for stealing data. Data leaks and hacks are not mutually exclusive.
I don’t disagree with your main point, but I’m not sure it’s really even “stealing”, as that means to take without permission. In this case, the storage permissions were configured so that the files were publicly available to everyone, so everyone had permission to access them.
Semantics though. It’s still unethical to access that data, even if it’s not technically stealing.