Across the ditch, Australia's number one daily deal site CatchoftheDay.com.au has been facing a firestorm of criticism. They recently revealed to customers that they were hacked and that credit card details and their encrypted password file were taken. That is bad enough, but there's more. This hacking incident happened over 3 years ago!
No, for 3 years they didn't inform their customers that their passwords and credit card details had potentially been compromised.
Why is this a problem? Well, in this instance, files containing both credit card details and encrypted passwords were hacked. Immediately some credit cards were used illegally. And Catch of the Day helped authorities to fix those issues at the time.
But they never told customers who weren't immediately affected by fraudulent charges what had happened. Now, 3 years on, they are getting worried that the password file could be opened.
The password file is encrypted, which means that the hackers can't access it. But over time, hacking technology improves and there is always the possibility that they could soon crack the passwords of all the customers. Then they can use the passwords to access emails, log in to sites, log in to banking sites etc. So it's a real risk.
Of course, if they do crack the file, many people wouldn't have changed their passwords since 2011. And what about people who use the same password for many sites? That password could potentially be used to open email accounts, or even worse, bank accounts.
In 2013, CatchoftheDay enlisted the help of Jason Alexander (who played George Costanza in Seinfeld) to help market their site. While Jason obviously didn't know that the company was sitting on this big negative news story, it shows that they were prepared to risk a star getting embroiled in a potential backlash about this. Maybe that's why this story took so long to come out.
It's simple. If a company finds data was hacked, they should tell customers straight away so they can change their passwords. Yes, it's bad for business, but worse is customers having emails opened, illegal credit card charges, scams, ransom and anything else.
It's bad enough for a site to have lax security and data being taken. But to be kept in the dark about it is wrong. It's dishonest, and for 3 years they have sat there knowing this was a big potential issue, and they let their customers be at risk.
It's a bit of karma for Catch of the Day as this was the company that registered groupon.com.au and groupon.co.nz to try and stop Groupon from starting up down under.