Quote:
Originally Posted by Alexander Turcic
I disagree. At the moment they discovered someone attempted to hack their server(s) they could not have known the extent of the hack. Likewise, they could not have ruled out that any customer-sensitive information leaked out. Had I been a customer, I would have insisted on being notified immediately of the potential threat that someone illegally obtained my personal information (which may have included sensitive data such as my credit card number).
Thinking about it a bit more, not getting email till after the site was back up made sense: the list of registered users and email addresses for same was on the server, and sent from the server. Can't send the email till the server is back up...
Given that, the "down for maintenance" screen could have been more informative. Something on the order of "We have discovered a potentially serious problem, and taken the server down while we investigate. We will be offline for several days or more. Please check back regularly. We will send email when we are finished explaining what happened." would have been an improvement.
When the site first got taken down, all we knew was there was an unscheduled outage. It wasn't till we got the email we knew why. I don't think "We may have been hacked, and your personal info may be at risk. The site is down while we investigate!" would have been a good idea.
______
Dennis