Nowadays, you are more likely to first learn of breaches on Twitter than from the entity’s site or email, as this thread today from Hack The Box demonstrates:
Dear users – we apologise unreservedly for the recent disclosure of email addresses. A statement will follow shortly regarding the cause, impact, and preventative measures that we’ll be putting in place to ensure this never happens again.
— Hack The Box (@hackthebox_eu) February 2, 2018
At approximately 17:30 GMT, an email task which was written to re-send failed receipt emails for VIP subscriptions was started. This email task had a flaw, which meant each subsequent email was sent to all previous recipients.
— Hack The Box (@hackthebox_eu) February 2, 2018
Approximately 1000 email addresses have been disclosed, affecting VIP users who paid via Stripe. Hack the Box takes the privacy and security of our users extremely seriously, and can only apologise unreservedly for this breach of your trust.
— Hack The Box (@hackthebox_eu) February 2, 2018
We will be ensuring that all future changes that affect or touch user data go through strict review prior to deployment.
— Hack The Box (@hackthebox_eu) February 2, 2018
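
One common way a batch mailer ends up behaving as the thread describes, shown as an added example: this is not Hack The Box's code, and the root cause modelled here (a recipient list created once and never reset) is an assumption. The function names and `example.test` addresses are constructed, nothing is sent over the network, and the fixed version adds a pre-send guard that a review or test suite could enforce.

```python
from email.message import EmailMessage
from email.utils import getaddresses

def build_receipt(recipients):
    """Build one receipt email addressed to the given list of addresses."""
    msg = EmailMessage()
    msg["Subject"] = "Your VIP receipt"
    msg["To"] = ", ".join(recipients)
    msg.set_content("Receipt re-sent after a failed delivery.")
    return msg

def recipients_of(msg):
    """Every address a message would be delivered to or show in its headers."""
    headers = [str(h) for name in ("To", "Cc", "Bcc") for h in msg.get_all(name, [])]
    return [addr for _, addr in getaddresses(headers)]

def resend_buggy(failed):
    """Assumed flaw: the recipient list is created once and never reset."""
    outbox, to = [], []
    for addr in failed:
        to.append(addr)                      # grows on every iteration
        outbox.append(build_receipt(to))     # email N is addressed to 1..N
    return outbox

def check_single_recipient(msg, expected):
    """Pre-send guard: refuse anything not addressed to exactly one user."""
    got = recipients_of(msg)
    if got != [expected]:
        raise ValueError(f"expected only {expected!r}, got {got!r}")

def resend_fixed(failed):
    """Fresh message per recipient, verified before it is queued."""
    outbox = []
    for addr in failed:
        msg = build_receipt([addr])
        check_single_recipient(msg, addr)
        outbox.append(msg)
    return outbox

def leaked(outbox):
    """Addresses that appear in a message shared with another recipient."""
    return {a for m in outbox if len(recipients_of(m)) > 1 for a in recipients_of(m)}

if __name__ == "__main__":
    failed = ["a@example.test", "b@example.test", "c@example.test"]  # constructed
    print("buggy:", [recipients_of(m) for m in resend_buggy(failed)])
    print("fixed:", [recipients_of(m) for m in resend_fixed(failed)])
    print("leaked by buggy run:", sorted(leaked(resend_buggy(failed))))
```
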