Billing? ID -> balance. “Very” important data for hackers. They had more? Like card numbers, names, addresses, etc? That’s a bad practice for VPN providers.
You are surprised that a for-profit company that bills people on a RECURRING basis for a paid service keeps card numbers and billing addresses/names? How would recurring bills be paid if the info isn’t stored?
I do understand, you just don’t seem to understand that this testing environment never contained real data. And you can absolutely generate dummy data without having real data to start with.
I say that they shouldn’t have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn’t leaked yet. At least if we believe in what the company says.
Why would *VPN even have ANY data worth taking through breaching?
Same reason as any other online company?
So for selling it to aggregators? That’s bad practice for a VPN-providing company.
You really think thats the primary function for user data? Not like, billing?
Billing? ID -> balance. “Very” important data for hackers. They had more? Like card numbers, names, addresses, etc? That’s a bad practice for VPN providers.
You are surprised that a for-profit company that bills people on a RECURRING basis for a paid service keeps card numbers and billing addresses/names? How would recurring bills be paid if the info isn’t stored?
I’m not surprised. I am accustomed to the shit around.
Just go to the bank (or open your bank application on the phone) and pay.
How do they send you your invoice? Password resets?
The customer can notify ID during payment.
It wasn’t, it was test data
You don’t have any “test data” if you don’t have any “real data”. Why would you?
Uh… this entire event is a strong reason for using dummy data in a testing environment. You shouldn’t ever use production data in a test environment.
You generate dummy data that looks like real data for testing purposes.
You didn’t understand what I am saying.
I do understand, you just don’t seem to understand that this testing environment never contained real data. And you can absolutely generate dummy data without having real data to start with.
No, you don’t.
Ok, then explain it to me.
I say that they shouldn’t have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn’t leaked yet. At least if we believe in what the company says.