Troy Hunt writes:
I see a lot of data breaches. I see a lot of legit ones and I see a lot of fake ones and because of that, I always verify them before making any claims that an organisation has been hacked. Usually I’ll verify and then in conjunction with journalists I know and trust, there’ll be a private disclosure to the company involved. Good journos are very adept at getting answers to these things and when it’s going to be a story that hits the news anyway, it ensures there’s a way of getting responses from the impacted organisation before it hits the interwebs. Every so often though, we all get left totally stumped as to what actually went on.
Such has been the case recently for a data breach that I’m highly confident is legitimate but nobody wants to “own”. I’ve worked with a couple of different trusted journos who are very good at getting answers but have ultimately been unable to draw the saga to a conclusion, largely because neither of the parties I believe are involved believes the breach originated from them. So I’m just going to write about the whole thing here, lay the facts out as they stand then see if anyone wants to own it once the details are public.
Read more on TroyHunt.com.