Hell froze over. Hacked firm cares more about its users' security than its corporate image


We've all seen the type of "advisories" issued by companies after they have been hacked.

"We take our customers' security and privacy seriously", they declare.

Yeah, right. It's a shame you didn't manage to more effectively demonstrate a duty of care *before* hackers ran off with your innocent users' data.

But sometimes you'll stumble across a firm or website which appears to show genuine regret, and is going out of its way to make things better for any users who were impacted by a data breach.

So, step forward and take a bow TruckersMP - a trucking simulator website which allows you to go "trucking alongside thousands of other enthusiasts." (who knew, eh?)

As Troy Hunt reports on his newly-spangly blog, a data breach of TruckersMP's gaming forum saw some 80,000 accounts exposed:

"News of the breach was published on their website on Feb 25 at 19:39 which is 2 hours and 9 minutes after they first discovered the incident. That discovery was only 30 minutes after the incident took place. The succinct blog post explains what happens and then offers an apology, all within a few hours of the event."

That's a pretty good response by TruckersMP, to a clearly unfortunate incident.

But what they did next sets them apart from the vast majority of other hacked companies out there.

TruckersMP reached out to HaveIBeenPwned, the website run by Troy Hunt to help internet users determine if their details were compromised in a data breach.

TruckersMP not only told Troy about its data breach, but also shared the details of the exposed forum accounts with Have I Been Pwned in order to let members easily check if their credentials might have been put at risk.

As TruckersMP's sysadmin explained to Troy:

"We're decently security minded and feel a responsibility and duty to inform our users when such a breach happens. All of the members of the team agreed it'd be ok to be added to the list with the notion that we'd like to see other sites do the same as well; given the unfortunate chance."

TruckersMP knew it wouldn't look good admitting that they had been breached, but they cared for their users' security more than their image.

And you know what? The transparency and obvious care for its user community has actually probably done a heck of a lot of good for TruckersMP.

There's always lots of bad news to report in the world of computer security, so it's great to sometimes be able to applaud the actions of a website which - even though it has suffered a data breach - did something right.

So thank you TruckersMP for doing the right thing for your users. Plenty of others could learn from your example.


One Response

  1. Simon

    April 26, 2016 at 11:20 am #

    Honesty is the best policy.

    Granted, a breach occurred which might have enraged its user-base, but they cannot be mad towards TruckersMP for coming clean.
