not emailing users regarding breach

According to this slashdot post, does not plan on notifying users regarding its recent account security breach.

Granted, they’ve listed a fairly prominent Security Notice on their home page, but it seems a little irresponsible to not email their clients, or automatically force a password change for these accounts. I suspect most institutions would do that by default in the event of a compromise.

Last time was breached (in 2007), they supposedly snail mailed millions of users warning them, worried that users wouldn’t trust email as a result of the breach. Perhaps they’ll snail mail again?

Posted by d2d.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: