Sponsored by:

Good news – your credit card is fine and only your irreplaceable things were hacked!

Hey, I really hate to tell you this, but we were hacked and your account containing a bunch of really sensitive personal data was exposed. I know, it’s enormously inconvenient but I have good news for you – your credit card is fine!

Now yes, banks do have very good fraud protection these days and they would almost certainly have reversed any illegitimate charges, but isn’t this great news! Oh yeah – they’ll also issue you a new card too and don’t worry, that won’t cost you a cent. Yes, you’ll need to update your direct debits and anywhere you’ve stored that number but hey, you have to do that every time the card expires anyway so no biggie.

Fortunately, the only data that was compromised was useless stuff like your username and password.

But because you created unique passwords everywhere and never reused anything across any other service, you’re all good. Fortunately it was never the same creds as your email account (we’re all very glad everyone stopped doing this back in the 90s) otherwise someone could’ve, you know, just gone and reset pretty much every other account you have on the web.

Now here’s some really good news – both your financial data and your passwords are ok!

It is important to note that, at this time, there is no evidence that any financial information or passwords were compromised.

How good is that? We’ve done an awesome job of protecting this info (we’ve underlined it above just to emphasise the point), in fact so much so that the only stuff that was actually leaked was useless info like your sexual orientation, what you like to get up to in the bedroom and the fact that you’re looking for hookup sex. That’s generally pretty useless info so yeah, don’t worry about it.

Moving on, let us talk for a moment about your credit cards and again and we have fantastic news. In fact the news is so good, allow us to not only express it in bold, but we’ll underline it as well:

No credit card data of any kind was accessed. ReverbNation never retains your credit or debit card information in our database, so that information was not exposed. ReverbNation takes data security very seriously and we have taken steps to further secure our system against any such breach.

This will save you a trip to the mailbox which would otherwise have been required had your card actually been exposed and the bank then replaced it for you free of charge. We won’t highlight the inconsequential bits after that, namely that we stored passwords inappropriately by encrypting and not hashing and that your name, address, phone and date of birth were exposed and are now being sold on the dark web to the highest bidder. That’s inconsequential stuff in the grand scheme of things.

Which brings us to Ashley Madison. We need to be crystal clear here – your card is fine and anyone who tells you differently is being reckless with the truth:

No current or past members’ full credit card numbers were stolen from Avid Life Media. Any statements to the contrary are false.  Avid Life Media has never stored members’ full credit card numbers.

We know how important credit cards are to Ashley Madison members because once their wife and kids walk out on them for having extramarital affairs which they now know about because of the data breach, easy cash will come in very handy. Same when they’re fired from their job because whilst they might have signed up to the site on the promise of “100% discretion”, clearly that is no longer the case and some people are being fired as a result of their private indiscretions. Avid Life Media is proud to be able to support their members through this time by ensuring they don’t need to wait up to three business days for a new card to arrive.

Despite appearances, assurances of credit card sanctity are not there for the owners of the cards, they’re there for the banks. In the context of their concerns today, members of sites like Ashley Madison couldn’t care less about their cards, but merchants care very much that the PCI hammer may be brought down upon them. Consider that next time you read a statement like those above.

Security
Tweet Post Share Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals