No, they likely took the portal down as soon as they knew there was a breach. Highly unlikely they left it up while they investigated, and it takes time to figure out what happened and how much information was taken.
> No, they likely took the portal down as soon as they knew there was a breach. Highly unlikely they left it up while they investigated, and it takes time to figure out what happened and how much information was taken.
They still haven't said anything about how much had been taken.
My point is they knew how much could have been taken. They knew what machines were at risk; hence taking them down. If those machines that were at risk had sensitive personal information, they should have notified the people affected right away, not three days later.
Taking the site down, with no indication of why, and waiting three days to tell people that their personal information may be at risk (and remember, the possibly compromised information includes credit card numbers, as there are a number of things you need to pay for in your developer account) is just crazy.
You should be upfront and transparent when the breach first occurs. Of course you don't know exactly what has been compromised; but they are still being plenty vague even three days later. If they had posted three days ago what they posted today, it would be a lot more reassuring.
No, they likely took the portal down as soon as they knew there was a breach. Highly unlikely they left it up while they investigated, and it takes time to figure out what happened and how much information was taken.
What motivation would there be to wait anyways?