As everyone knows, this is an important time for AC as it transitions to Pri-Med. AC is working diligently to release v6.5.4 and continues to work on v7 while trying to make the Cloud Version more accessible.

While it probably should be, it is likely that the security of AC's servers that host the userboard may not have been as good as it should have been.

One thing to ponder: According to the 2013 Data Breach Investigative Report, 66% of breaches were not discovered for months to years. AC's was discovered in less than five weeks. This speaks volumes to the safeguards which must have been in place.

Let's look at a few companies which were hacked between 2012 and 2013, and some of them were hacked more than once.

Facebook
Microsoft
Twitter
NBC
Evernote

And, we all know that there have been many, many more huge companies who have been compromised in the past.

It is interesting that while many computer users are wary of storing data in the cloud, very few cloud companies were hacked.

By law, Amazing Charts is obligated to advise anyone whose information was compromised that his or her information was obtained and what was obtained. This is what AC did. They sent emails notifying THOSE USERS whose email addresses and passwords were taken. I do not believe their intent was to notify every Amazing Charts user since they were taking the right steps to rectify the situation, which they have. There seems to be nothing positive to be gained by informing the entire user base, when such a small subset of those were compromised. I do not mean to downplay what happened as it happened to me as well, but, again, according to the DBIR, this year authored by Verizon Security Risk Division which collects data breach information from all over the world, if you are even a fairly well known company with a public website or forum, it is only a matter of time before hackers exploit your weaknesses. The important thing is that you detect it quickly and correct the security holes.

It should be known that any email, whether it is your current profile email or one no longer used, can be harvested as long as it was used at any time in the past.

I suppose it is up to each user who received notification to decide if it is in AC's and/or their best interest to post the events on the board. This is likely the reason it was not posted as a status update.

From my perspective, I wish we could stop this thread right here and use PMs. Just my perspective.


Bert
Pediatrics
Brewer, Maine