|
|
|
|
|
|
by Rjevski
2968 days ago
|
|
|
If the previous breaches are of any indication, it's that users don't give a shit - many major websites have leaked passwords (https://haveibeenpwned.com/PwnedWebsites) and they're still alive and kicking; for the ones that have gone down the drain (Yahoo!) it was more because the service itself faded into irrelevance. Based on that I'd say it would be pretty safe to disclose a breach and reset all passwords; if your service is relevant your users will stay with you, and if not then not disclosing a breach will only buy you time before the inevitable happens anyway. |
|
|
Twitter did disclose this, through email and on first login. Anyone they'd lose because of the breach is long gone and I also think it's probably next to nobody.