Security through obscurity never really works; when I use it, I at least know what I’m doing, and that it could bite me. I had thought any halfway informed administrator knew that same thing. Apparently, some folks still don’t get it. Let’s see… a company puts a file on its Web site that isn’t in any way protected except in the sense that there are no links to the file, and someone else figures out the URL, which leads to advance publication of the information. That’s not breaking into your site, it’s being smarter than you. From Intentia’s own press release: “The incident has severely damaged confidence in us as individuals and in Intentia as a company,’ says Björn Algkvist, CEO of Intentia International AB.” That’s almost certainly true. I know I wouldn’t trust my company’s data to a firm that made so obvious a mistake.