We trusted them!
Crew & Concierge director Sara Duncan blamed "the team of developers we had hired" for the bucket being left open, saying she had trusted the devs to "do a competent job" of securing "personal and sensitive personal information relating to our registered crew".
Okay, which part of "productive idiot" did you miss?
It doesn't shock me to see this, again and again. I have worked with many productive idiots, and managers who have no idea of the basic concepts of software development, let alone something like architecture and security. I hate web projects because pretty much the whole area is a shambles. The web giants don't care, the devs don't care, nobody cares because they don't feel any liability. If the local mechanic did a similar job on your car, you'd be up in arms with lawyers, etc. It comes down to devs doing garbage work, and managers letting it slide when they've been told again and again that it's going on.