The sad truth is that for the most part, the web hosting industry has normalized a fairly lax approach to security, and sees settlements like this, and even breaches, as a cost of doing business. Look at Wordpress maintenance, for example.
It's a tough business hosting arbitrary UGC, and doing it well costs a lot of time effort and money (ask me how I know). But I fully agree: treating this as just another line-item cost is absurd.
It's a tough business hosting arbitrary UGC, and doing it well costs a lot of time effort and money (ask me how I know). But I fully agree: treating this as just another line-item cost is absurd.