In an article recently found, we’re learning about Ace Hardware and a potential attack. Over 7200 people affected, 1200 servers if I am reading this correctly.
The thing is, we’re learning about this two-day issue now, and it’s just after April. That’s 5 months and some days later. If I had an issue, as soon as it was fixed, I would be reporting on it.
Let’s take this April 2020 post mortem report. In the post mortem report, I determine that at that particular time, AT&T may have had an outage that made it impossible to get to certain pages. When calling AT&T, they said they could access my page just fine which made the whole thing more confusing to me.
We also had issues over at the mix. While I didn’t really understand it, I ended up deleting files that may have been tainted somehow as the site came back up after doing this. This is that post mortem.
I’m not saying that we’re perfect, in fact, things broke. But I went on instinct and did the best I could and they understood.
I even wrote a post mortem for a site most of you will never even go to. This post mortem talked about the fact that a third party said we had no SSL certificates, yet Let’s Encrypt ran more recently on most of the domains that I run including EMHS, jaredrimer.net and others.
During jaredrimer.net’s ordeal, SSI had expired, so it was going to reissue the cert minus SSI if I didn’t take care of it and it emailed me daily. I eventually removed SSI and the cert ran with no other issues.
These reports went out within days of resolution, not months or even years.
Ace Hardware client data affected by cyberattack is the article dealing with Ace Hardware. Am I the only one that feels like this is complete utter crap that we as the general public can’t be notified of what happened?
Breaches, mistakes, misconfigurations, and SSL issues will come up. It’s OK to put out a report and tell the general public what you have discovered and how you plan to fix things to try and not have it happen again.
Every one of us is human. We all can make a mistake. It’s what we do after that mistake if you’re a company of any size that can keep your trust.
Even though the JRN does not claim to make a whole lot of money, we do our best to make sure that if we don’t know, we find out and learn about it the best way we can.
The good news is that Ace Hardware says that no customer facing services were affected, yet they held up shipping orders for those two days so that’s a lie.
Read the full article for complete details and thanks so much for reading.