Yeah, I'm confused why companies tell us DAYS after something serious happened as opposed to right away. I can understand waiting a day but 3 whole days?! I just don't understand the delay.
It's our data, we should have the right to know what happened to it.
"why companies tell us DAYS after something serious happened"
Companies are people. And all the relevant parties involved in handling this may not be accessible to make a decision as quickly as needs to be done. Or at least quickly enough to satisfy all people.
Do you feel you suffered any harm in particular by the delay of three days?
I'm mainly complaining about the delay in telling us anything.
What I would love is an update whenever they suspect an intruder has accessed sensitive information. Many websites like Dropbox and last.fm do have a server status where they tell us if they have any planned maintenance or just general status of the server. Why can't Apple and the rest of the big companies do that?
Also, Apple first said it was just regular maintenance. I'm just confused as to why they said that instead of telling us the truth.
Likely because if you say "we are investigating a possible data leak" and then end with "we discovered it was an undocumented maintenance event by someone on the engineering staff, we have added more detailed logging as well as a better maintenance process so we can be clear about this in the future", many people will think the worst. It's unfortunate.
Yes, but it doesn't take more than a day to know that an intruder had accessed the system in a way that may have compromised your personal information.
Basically, once the problem was serious enough that they felt like they needed to take the site down, I'm pretty sure they knew which machines had been accessed (or at least may have been accessed). They knew that some of those machines had developers' personal information. They could have posted as much up front, rather than waiting 3 days to do so.
No, they likely took the portal down as soon as they knew there was a breach. Highly unlikely they left it up while they investigated, and it takes time to figure out what happened and how much information was taken.
> No, they likely took the portal down as soon as they knew there was a breach. Highly unlikely they left it up while they investigated, and it takes time to figure out what happened and how much information was taken.
They still haven't said anything about how much had been taken.
My point is they knew how much could have been taken. They knew what machines were at risk; hence taking them down. If those machines that were at risk had sensitive personal information, they should have notified the people affected right away, not three days later.
Taking the site down, with no indication of why, and waiting three days to tell people that their personal information may be at risk (and remember, the possibly compromised information includes credit card numbers, as there are a number of things you need to pay for in your developer account) is just crazy.
You should be upfront and transparent when the breach first occurs. Of course you don't know exactly what has been compromised; but they are still being plenty vague even three days later. If they had posted three days ago what they posted today, it would be a lot more reassuring.
It's our data, we should have the right to know what happened to it.