Reputation.com, one of the places that helps to bury negative search results about you, has been hacked.
The online reputation management company on Tuesday sent a letter to customers telling them that its network security personnel had recently discovered and "swiftly shut down" an external attack on its network.
Reputation.com said in the letter that the intruder(s) managed to siphon off names and email and physical addresses. In some instances, phone numbers, dates of birth and occupational information were also filched.
On top of that, a list of salted and hashed passwords for "a small minority" of users was accessed, the company said.
Although it's "highly unlikely" the passwords could be decrypted, the company immediately changed all users' passwords, it said.
What was not accessed:
- Financial information, such as credit card numbers or bank account information, which the company doesn't store (hurray!),
- Social Security Numbers and driver's license numbers, which the company doesn't request (hurray!),
- Account details, including why users retained Reputation.com's services (hurray! I imagine that could get embarrassing and potentially be used to make negative content about users zoom back up in search results),
- Communication between users and Reputation.com, and
- Any details about the services users have received.
An interesting point is that the extent of the breach didn't trigger any legal obligation to tell users about it anywhere in the world (except in the US state of North Dakota. Hurray, North Dakota!), but the company thought it was important enough to let them know anyway.
It's such a kick in the teeth.
You think you find a site that helps you keep your private data from dribbling out of the myriad online places that siphon it off.
You imagine that the online sliming left by trolls, unhappy customers or whoever's out to get you has been, if not strangled entirely, at least buried far enough down in search results that its babbling just might be muffled.
Then somebody or somebodies goes and tries to stick a pin in those mission statements.
Well, it appears that Reputation.com's work to do those things hasn't been compromised by the attack, and much of the reason for that has to do with good security practices.
So kudos for going above and beyond disclosure requirements, and kudos for salting and hashing passwords, Reputation.com.