New Website Mocks Excuses Given by Breached Companies
November 7, 2019 Share

New Website Mocks Excuses Given by Breached Companies

The excuses made by companies that have suffered a data breach are being parodied online by a new website, whose creator is unknown.

“Why the f*ck was I breached?” uses algorithms to generate a slew of entertaining excuses that attempt to explain how data came to be exposed.

Excuses that appear on the site include “Anonymous collective used that other vulnerability we were going to patch next Tuesday to make a mess,” “Russians used an open window in the server room to transfer 7 petabytes of data,” and “Teenagers used nefarious techniques to do something, but we aren’t quite sure what it is.”

Along with each excuse comes an assurance that no further breaches will occur because the company has taken some kind of action that even a cybersecurity novice can see will be totally ineffective at preventing a similar incident from occurring.

Preventative actions that appear on the site include “We have since worked with law enforcement,” “We have since copy-pasted a security policy we found on Google,” and “We have since watched the movie Hacker 8 times back to back.”

The site opens with the statement: “Did you just lose 100m customer SSNs because your root password was ‘password,’ you set an S3 bucket to public, or you didn’t patch a well-known vulnerability for 8 months? Is the media and government chewing you out because of it? Worry not! Our free excuse generator will help you develop an air-tight breach statement in no time!”

Users can then scroll down to view an auto-generated breach excuse. To make the next excuse appear, users must click a button that reads “Equifax already f*cking used that one.”

While the site was clearly created for comic effect, by mocking the often vague information disclosed by companies following a data breach it flags the salient issue of how cybersecurity is approached and implemented.

The site aims particular criticism at Equifax, which exposed the personal information of 147 million people in July 2017. Although staggering in size, this breach is paltry when compared to the breaches that affected 3 billion Yahoo users in 2013 and 500 million Marriott customers between 2014 and 2018.

This post New Website Mocks Excuses Given by Breached Companies originally appeared on InfoSecurity Magazine.

Read More