AskHubski: What do you do when a company whose product you use screws up?

a thoughtful web.

Good ideas and conversation. No ads, no tracking. Login or Take a Tour!

AskHubski: What do you do when a company whose product you use screws up? · 8

forwardslash · 4837 days ago

Over the years many sites have made gaffes, had technical issues, or been hacked and many leave these companies services and stop buying their products. How badly would a company have to screw up for you to leave and what, if anything, would they have to do to make you stay? Would the password database of a site or service you use being hacked bring you to leave that site or service? Would things like if they had stored their passwords in plaintext like Plenty Of Fish [1] or had weak encryption like Gawker affect your decision? How much would their response to the situation affect your decision?

I wanted to ask this as I was watching the github hack news with some people coming out impressed with them and their response[2] and others not so much [3]. For me it was easy to not use PoF or Gawker or even Sony products after their series of password hacks as I didn't use them in the first place, but I love github. I would think, though, that those who make these mistakes would be more able to prevent it from happening again in the future than a company who didn't. Not only would they learn from the mistake, but there is monetary motive to do everything to prevent something similar from happening as patio11 pointed out [4].

[1] http://grumomedia.com/why-plenty-of-fish-stores-passwords-in...

[2] http://jtimberman.housepub.org/blog/2012/03/04/github-is-cla...

[3] http://chrisacky.posterous.com/github-you-have-let-us-all-do...

[4] http://news.ycombinator.com/item?id=3665006

tweet · print · htmlmarkup tips · 0

dublinben · 4836 days ago · link ·

There's no such thing as perfect security. I'm more concerned about an organizations attitude towards security, than whether they're actually compromised. Sony was severely negligent with the PSN security. GitHub seemed to do everything right when presented with a weakness.

+discuss+discuss

thenewgreen · 4836 days ago · link ·

I think that there is an unhealthy disconnect between electronic data and physical property in the eyes of the consumer. People don't associate the compromise of a firewall/security the same way they would the compromise of say, a bank vault.

Would you bank with a company that didn't lock their doors at night and had no security guards? Probably not. But somehow, for most people, this doesn't seem analogous.

+discuss+discuss

–

cynthianews · 4836 days ago · link ·

What does Hubski use to help prevent hacks? or diminish their effects?

+discuss+discuss

–

mk · 4836 days ago · link ·

Hi cynthianews. I can tell you that passwords are hashed. Also, Hubki doesn't use a traditional stack, so some exploits don't map. Even though we don't have extremely sensitive data (email is probably the most), it's something I take seriously. I assume that people will try and are trying.

If it happened, I'd let you know what I did. I'd rather overreact than under-react.

We have a really mean looking dog too.

+discuss+discuss

–

cynthianews · 4836 days ago · link ·

Good to hear, thanks for answering. :)

+discuss+discuss

thenewgreen · 4836 days ago · link ·

That is most certainly a question for mk.

+discuss+discuss

–

cynthianews · 4836 days ago · link ·

ok :)

+discuss+discuss

scarp · 4836 days ago · link ·

It would depend on the sensitivity of the compromised data and how the data was compromised. If I had reason to believe that it was a freak accident type of thing and nothing of value was lost, then I wouldn't worry about it. But if it were a company that holds sensitive financial data of mine and it has a history of security compromises, I would probably either close my account or demand that my data be removed from their database.

But then, if it's a company whose services I use frequently, I don't know. I have credit card information attached to my Playstation Network account for convenience despite last year's incident. I wasn't a customer of theirs at the time of the hack, so maybe that matters. Perhaps I assume that a high profile company like Sony would make it an extremely high priority to fix the issue since they could not afford to have this happen to then twice, but perhaps that is a foolish position to take.