It's very easy to be careless when implementing code. I'm not surprised that this happened. Complex interacting systems, where we pull in lots of projects, mean that extra care needs to be taken.
The extended spell checkers in Google Chrome and Microsoft Edge can leak sensitive information, once again highlighting our dependence on online services and features. https://www.lifewire.com/the-spell-checker-in-your…
The recent Twitter whistleblower revelations showed just how many coders have access to live data and code at one time. https://techcrunch.com/2022/09/13/twitter-whistleblower-mudge-congress/
So you have complex systems interacting with one another with no one engineer understanding how the systems work. It's possible that the engineers involved had no idea of the vulnerability when they wrote the code.
We've ended up with the idea of the Networked Computer proposed by Larry Ellison in the 90s, with our data being stored in centralized silos.
We also need to consider how much of our social networks and cloud systems rely on a common set of tools, with very little support being fed back to the folks who create widely used code.
Take, for example, the Node.js controversy last year, where a developer unpublished his Node module that was used by thousands of projects.
"The earlier culture of 'move fast break things' doesn't just disrupt systems, it puts private information at risk."