Back in March, Security Discovery reported a leak involving KeepNet. This site had picked up that reporting and linked to it. Shortly thereafter I was contacted by KeepNet. Based on their statement and the fact that Security Discovery revised their own report, this site deleted KeepNet’s name from the reporting and simply linked to Security Discovery’s post.
Some people who had named KeepNet in their reporting and didn’t remove it were apparently threatened with litigation. Yesterday, Graham Cluley wrote, “After threatening me with legal action, Keepnet Labs finally issues statement over data breach.”
Threatening security researchers or journalists is not a good look, especially for a security firm. If the leak was due to a third-party vendor, why didn’t KeepNet just come out and say that months ago instead of trying to squash all reporting?
It’s 2020. There are tons of leaks and incidents. This would be a great time for all entities to get training on how to deal with researchers and journalists in transparent, constructive ways.