zlacker

>>Strang+(OP)
If i was a customer id be pissed off, but this is as good as a response you can have to an incident like this.

- timely response

- initial disclosure by company and not third party

- actual expression of shame and remorse

- a decent explanation of target/scope

i could imagine being cyclical about the statement, but look at other companies who have gotten breached in the past. very few of them do well on all points

>>prodig+47
> - timely response

Timely in what way? Seems they didn't discover the hack themselves, didn't discover it until the hackers themselves reached out last week, and today we're seeing them acknowledging it. I'm not sure anything here could be described as "timely".

>>embedd+ei
I have been doing a self Have I Been Pwned audit and, reading many company blog posts, and it wasn't uncommon to see disclosure months after incidents.

>>prodig+Do
Yeah, that sucks, and I wouldn't call those "timely" either. Is your point that "timely" is relative and depends on what others are doing? Personally, "slow" is slow regardless of how slow others are, but clearly some would feel differently, that's OK too.

>>embedd+Ep
If one week is slow and three months is also slow, why should a company switch from three months to one week?

To borrow from a different context, if eating meat every day is being an evil animal abuser and being vegetarian but liking cheese sauce on you pasta is being an evil animal abuser, why should anyone consider eating less meat?

Warning: not very well thought-out generalisation ahead

We need to be able to express nuance, otherwise everything turns into a shitshow like, for example, the current state of political and social discourse. Americans will vote for privatisation because public healthcare is "literally communism" and "communism is the devil". Twitter users will vote for white supremacists because they get called "literal nazis" for the big nose jokes they occasionally make.