Tell HN: Epik have finally informed customers of their data breach
> At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.
> Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.
> You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.
> Blessings to you all.
> Regards,
> Rob Monster
> Founder and CEO
> Epik Holdings Inc
7 comments
[ 3.5 ms ] story [ 32.1 ms ] threadIf it's to be believed, yes, looks like a torrent is going around. Unsalted passwords, everything
edit: https://archive.is/S6loc mirror of announcement
If this were true, how did they end up with an engineering culture that uses unsalted MD5 to hash passwords?
If you search for "securing passwords," hashing is the first topic covered.
At some point we have to accept that 95% of companies do not take security seriously and decide what to do next.
Perhaps we need an food hygiene rating for software? Every year or two every piece of publicly facing software which deals with sensitive data should be audited for security by approved auditors. Failure to pass such an audit would give the company 6 months to address the issue or close the system to customers until the security issue is resolved.
As part of this audit process companies could be given a "security score" which they would be required to display to their customers kind of how UK restaurants have to display their food hygiene rating to customers. Admittedly, I don't pay a huge amount of attention to a restaurant's hygiene rating, but the fact it's there at least gives me confidence that hygiene is being taken at somewhat seriously by any restaurant I visit. I don't feel the same about security on the majority of websites I visit.
This is weirdly unprofessional phrasing.
I have experienced some choice phrasing myself in business down through the years which I am too shy to repeat :-)