Damage done - and now we're paying the price.
NO.NO.NO.NO.NO. What you really mean is that as per bl**dy usual, your customers are paying the price for your inability to run anything close to a tight ship or act in any way responsibly even when you KNOW there is a potential nightmare on the horizon for your customers. As per usual the attitude stinks. As per usual I have a certain amount of sympathy because I am not naive enough to believe that things don't sometimes go wrong no matter how much effort is put in to avoid potential problems but as per usual, that sympathy will quickly evaporate when it no doubt becomes perfectly clear that no testing, QC or service monitoring was effectively put in place before/during/after changes were implemented.
Plus, what value is a password to a spammer anyway? Even if they did manage to overlook any, it's highly unlikely (in my personal opinion) that they'll keep them.
Oh right, of course, an account password is of no benefit to anyone at all which is why we all try to use secure and non-guessable ones then. I mean, it's not like someone could use them to log in to your account and make full use of your account without you necessarily being aware of it is it! So no problems at all there then. No one would be in any way interested in account passwords and the potential for getting at more personal information or making relatively free use of the PN servers or generally being a right old PITA then.
All the following "quotes" are paraphrased from the current service.status announcement:
"We take your security seriously" Yeah right!, you just *know* whenever that old chestnut gets trotted out by absolutely anyone that it means a really big problem is a'coming.
"We became aware on 9th May" Oh great, thanks for letting everyone know in a timely manner and thanks for keeping an eye on things immediately after that so you were able to spot the problems starting long before your customers did.
"as a result of the attack we are contacting" And it took from 9th May until sometime today(ish) to start contacting customers who might be affected? Wow! I can tell PN are really taking things seriously and acting swiftly to control the potential damage then.
"A small number of customers" Oh, yes, of course, it's always a small number of customers isn't it. It's just pure coincidence that more often than not I seem to be one of them.
"your email address may have existed in the Webmail database even if you had not used webmail" WTF is that all about!!! I have always declined to make any serious use of any webmail system offered by PN for the very reason that it could well result in the kind of problem that has happened. Why could my addresses have been in the database and left me totally exposed to PN's gross stupidity?
IF I have ever used some or all of my affected addresses to log in to webmail (not necessarily to actually send anything) it would most likely have been several years ago at least yet I am receiving a bucketload of [Censored] on virtually all my private and/or carefully distributed addresses that previously had none at all - including to 'postmaster@' and 'my_account_name@' which are both PN published address forms that I would never actually use myself. What it sounds like to me is that ALL addresses that either have or could be used have been made available to this mystery third party so nothing is particularly 'safe' whether you have used webmail in anger or not.
So, exactly how long ago would you have had to have used webmail in some limited way in order NOT to have had ALL your valid e-mail addresses harvested? If I had any confidence that using webmail right now wouldn't compound the problems I am having or about to have, I would log in to find out if/when I last used the system as per someone's comments about logging in 'advanced mode' earlier.