A few years ago I worked with a large electronics company and they had a major security breach where a person who called their help desk was attempting to get access to accounts. When they were escalated to a manager and called on the carpet about it, they explained that they were "White Hat Penetration Testers" demonstrating how easy it was to access accounts with fraudulent phone calls. In reality they were just snot nose kids trying to get thrills and possibly hoping to get access to other people's accounts. The world will never really know.
Now, did they do any tangible damage? Not in this case. Nothing was stolen and no one was fired. But it did create a giant waste of time for the corporation in question, and that equates to real money. And damage was certainly done to the reputations of real ethical hackers out there who are legitimately interested in helping corporations plug the holes in their security.
What Does Real Pen Testing Look Like?Here’s the deal: there are lot of clever hackers out there who crack systems to make themselves feel smart and powerful. Just remember: carrying a gun doesn’t make you a police officer—and hacking a system for fun on the weekend doesn’t make you a penetration tester. Real penetration testing begins with true rules of engagement, project management, and outcomes for improvement.
Read more: http://www.cio.com/article/738886/Developers_Hack_Dropbox_Show_How_to_Access_to_User_Data
More about data security