Image: Cathryn Virginia, Motherboard
Big companies that hold our personal data get hacked almost every day, but most don’t really know how to deal with getting hacked, especially when it comes to telling users what happened. If you’ve read some data breach disclosures or notices, you know the classic “we take your privacy and security seriously”—truly the “thoughts and prayers” of cybersecurity. No matter how bad the hack is, companies always have an excuse.
Luckily, there’s now a website that automatically generates more original, and entertaining, apologies you can use if your company gets hacked. It’s called “Why the fuck was I breached?” and its excuse-generating algorithm spills out truly hilarious excuses.
Here are a few examples:
- “The fucking hacking people used Heartbleed to hack the coffee maker. But we have since worked with industry leading specialists, so it will never happen again.”
- “The fucking Fancy Bears used a vulnerability in Windows XP SP1 to hack the coffee maker. But we have since worked with industry leading specialists, so it will never happen again.”
- “The fucking Iranians used the open door in our basement to transfer 7 petabytes of data. But we have since upskilled our cafeteria staff, so it will never happen again.”
- “The fucking teenage hacking prodigies used nefarious techniques to partially disrupt our services. But we have since watched a YouTube video on cyber security, so it will never happen again.”
- “The fucking cyber terrorists used IoT malware to extract some private keys. But we have since worked with law enforcement, so it will never happen again.”
I’m not a copyright lawyer, but please feel free to use these next time your company gets hacked because at least you’ll make our job, as reporters who cover data breaches day in and day out, a bit more entertaining.
The site is obviously a parody, but it’s also a smart, pointed critique of companies’ often lackadaisical and vague data breach disclosures. Perhaps the most notorious example of this is Equifax, which was hacked in 2017 thanks to some truly awful security practices.
What made that breach so special wasn’t just that the company whose sole job is to collect and store incredibly personal and sensitive data about everyone in America somehow lost control of the sensitive and incredibly personal data of one in two Americans. The way Equifax reacted to the hack truly set it apart.
Brian Krebs, a well-known cybersecurity reporter, called the company’s response a “dumpster fire.”
“I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived,” Krebs wrote at the time.
We could spend a lot of time recalling all the ways Equifax fucked that up royally, but luckily Krebs and Wired already did. The point is: the way a company deals with getting hacked, something that can happen to anyone, is almost as important as preventing future hacks.
The data breach excuse generator shows how formulaic and useless many responses are. We don’t know who made this site, as the domain registration information is private, but whoever you are, thank you.
UPDATE, Nov. 7, 2019: After this story was published, the creators of the site added the logo of the company that's behind it: Reflare, a cybersecurity training company based in Japan and London.