by hthrowaway5 1491 days ago
> At Salesforce, we understand that the confidentiality, integrity, and availability of your data is vital to your business [...]

Hey Bob, why didn't you tell your customers a month ago to rotate their creds just to be safe? This is flat out insulting.

What's more - the public status page of this security incident (https://status.heroku.com/incidents/2413) doesn't mention that these secrets were compromised. They chose to send this notification privately instead.

But… “We value transparency…”

Give me strength.

The true masterstroke though is shutting down Heroku so that the negative press of this doesn't affect it. "What is dead may never die!"

> At salesforce.com, inc., trust is our #1 value

Their legal pages[1] are filled to the brim with those ridiculous statements. I never understood why they'd even bother making it sound nice, especially not for B2B.

Customers won't trust the message and likely can't use them in court, and they themselves must surely know they're creating expectations that they can't guarantee to meet.

[1] https://www.salesforce.com/company/legal

Regarding values I like to ask myself if another company would defend the opposite for smelling emptiness.

Reminds me of Jakob Nielsen's rule for writing a good "About" page. If you can insert a "not" into a sentence and get something that no other company would ever put on their own About page, the sentence is worthless.

Is Salesforce potentially in violation of EU law regarding data breach notifications? It seems like they either knew the scope of the breach was likely to be much bigger (based on the fact that the investigation was ongoing) or flat out had evidence that it was already. But that said, I don’t know how that all works. So I’m genuinely curious if there’s a possibility this is illicit.