Revisiting post: 'No email to notify customers about forum data breach. Why?'

Tomatillo
Community Member

Respectfully to AgileBits, Inc., open dialogue on the issue should not have been closed. We need to be more democratic about things, regardless of whether you understand there was no danger to your clients and that the compromise of which you made us aware (if we logged in) was in no way your responsibility nor fault. Folks using a forum password elsewhere may have wanted the option of changing it elsewhere, regardless of whether Vanilla was or wasn't aware of any use of the breached information.

How you handle something seemingly innocuous like this establishes/bolsters trust or it can diminish it. It is my opinion that you lost a good opportunity.

To the point:

a) Since your platform is hosted on AWS, our concern may be that _**all**_ future culpability could be shifted to a third party, as in this case it was Vanilla, the forum software you use.

b) Customers were clearly telling you they would like to be notified by email when there is a compromise such as that which occurred with your forum. While you may fully expect a resultant and undeserved panic, wildfire, and unreasonable reaction -- your customers are telling you they desire a different handling of your response to the problem and, after all, they keep the lights on. Your closing the thread to terminate discussion was interpreted, even by many of your staunchest supporters, as an extremely heavy-handed, tyrannical response to ignore client concerns and slam the door on their discussion. It does not instill confidence, and it very likely results in resentment on the part of those conveying their preferences to be notified by email of any such compromise.

Thanks for listening and for upholding a most basic forum tenet when folks are engaged in civil discourse.

With appreciation,

Your loyal customer



Comments

  • Hi @Tomatillo

    Thank you for your concern. We understand that if people didn't care, they wouldn't write in. We appreciate that care and concern. The other thread was closed as we don't have any additional public comment to make at this time. We've covered the situation in our announcement post here:

    Forum password reset — 1Password Forum

    That said, you're welcome to reach out to our security team at security@1password.com with any questions or comments, and perhaps a further public statement can be made following such a conversation.

    Thanks!

    Ben

This discussion has been closed.