by ghshephard
4790 days ago
There is a lot of inside-baseball in this, but the one they keep talking about, is, "shred customer data" - as in, "Recognizing their situation, we instead told them that if they acknowledged HTP in their analysis, we'd go ahead and shred their customer data anyway." Do they honestly, for a single second, think that any LEA, corporation, or, well, anyone would believe that once the information was compromised, that there was no putting the genie back in the bottle? Also - I suspect there are probably disclosure laws that had to be followed by Linode anyways.
Comply, and trust the honor of black hat hackers?
Or refuse, and have customers' data appearing on FTP and torrent sites within the day?
As a Linode customer, I would rather them choose the latter. Not to try and sweep the incident under the rug (to your point about disclosure) but to prevent the data from being scraped by groups who exist solely for extracting credit card details from releases by groups like HTP (note the reference to "carders" in the article) and then being sold.
(According to Linode's own post, the CC data were encrypted, meaning that it should be intractable to actually extract usable CC numbers from the data. But why would Linode not accept those terms, even if they believed that HTP were lying? At least it would give them until 1 May to get their house in order.)