They later claim that "Since being notified, we have investigated the incident and we are confident this was not caused by a problem on the taste website itself."
One wonders: does this mean that the database was obtained by means other than hacking the site (if so, how?), or that it was by design (and thus not a problem on the website)?
Probably the only sensible thing was to observe, "Should you be using this password for any other online services we also recommend that you change those passwords." iTWire has frequently railed against password re-use, although this has always been considered a futile battle; it is at least nice to see a hacked organisation recognise the issue.
Taste claimed to have sent the email to all those affected; presumably they know which version of the database was taken and have addressed that list. The problem of course is for those members who have heard of the attack, but did not receive an email. Does that mean they were not included? Perhaps the email was never delivered.
What has the user reaction been?
Although Taste requested that affected users contact an email address given in the breach notification email, this was of no help to those who knew of the breach but received no email.
People (for very obvious reasons) flooded the online forum with many questions. The first was posted on Friday November 4th at 8:13am and it wasn't until the eighth message at 10:59am that an admin responded. This was the ONLY response in the entire thread.
Worse, one very telling message (immediately prior to the admin message) asks (minor edits for clarity):
"When you join "Taste" there are a number of asterisked fields that you are required to fill in, these include name and address etc.
"Could you please let us know if that data along with D.O.B. or any other "Profile" identifiers was also compromised along with potential passwords?
"Presumably if this was an old database, changes to passwords made subsequently to the date of that DB decommissioning aren't affected. Could you please let us know the date up to which, or from which our passwords and data are secure."
At the time of writing, there has been no answer.
iTWire has a number of very important but as yet unanswered questions about this incident.
As a result of the breach, the site appears to have expired all affected passwords as they are insisting affected users make use of the "forgotten password" function rather than logging in and changing it via the my profile link.
So, a set of open questions to Taste:
- What was the date of the breach and also the datestamp of the data file taken?
- What data was contained in that file?
- What reparation are you offering to affected members? If the loss is as bad as it might be, your users will be exposed to considerably greater problems than mere spam email; fraud and identity theft for instance.
- On what date did you advise both the State and Federal Privacy Commissioners?
The full email to affected members follows.
Hello friends of taste.com.au:
Yesterday we identified that information about our members was potentially exposed by illegal and unauthorised access to an old version of our database.
As a result, some users have received spam email. We apologise for this incident. At taste we take privacy very seriously and never give out any information about our members without permission.
Since being notified, we have investigated the incident and we are confident this was not caused by a problem on the taste website itself.
As a precaution we strongly recommend that you change the password connected to your taste.com.au email account. Should you be using this password for any other online services we also recommend that you change those passwords.
Asking you to reset your passwords may be an overreaction and we apologize for the inconvenience, but we'd rather be over-cautious when it comes to your privacy. Our members are what have helped make taste what it is today.
We are further strengthening taste.com.au security to minimise any further risk to you. Again, please accept our sincere apologies if you have received a spam email. The taste.com.au team look forward to continuing to serve you the best online food experience in Australia.
If you have any concerns please email admin@taste.com.au.
The Taste Team.