“We take security seriously”, otherwise known as “We didn’t take it seriously enough”

I hate getting notices like this one from a few hours ago:

Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.

I’ve had many of these already over the years and I’m sure I’ll see many more in the years to come; that’s just how the web seems to work these days. But here’s what really got my attention in Plex’s email today:

We're sorry for the inconvenience, but both your privacy and security are very important to us

Oh good, feeling much better now! So privacy and security are important, but with the benefit of hindsight, probably not important enough. Which got me thinking about all the other times I’d seen similar statements and just how hollow they’ve now become; it’s corporate speak personified. To demonstrate, let me stand back and let others do the talking in this post…

Anthem after 78.8M customer and employee records were exposed


Adult Friend Finder after 3.9M accounts of people looking for sex were exposed


Gaana after 10M records were exposed


Samsung after 600M devices were found to trust unsigned SwiftKey updates


eBay after 145M records were compromised

We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.


The FBI after 4M OPM records were breached

"We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace," the FBI said in a statement.


Westnet after 30k accounts were hacked

"iiNet takes the privacy and security of customer information extremely seriously and is heavily invested in the proactive monitoring of its infrastructure to ensure the risk of such intrusions is minimised," he said.


Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.