Christopher Bouzy
There are people on Twitter stating we were trying to hide the security incident and didn't contact anyone. We literally emailed everyone, posted an announcement, and had a Pod about it all within hours of being notified.
06:51 AM - Feb 05, 2024
1
174
221
Darren
In response to Christopher Bouzy.
Incorrect. I didn't get an email from you, but I got one from HIBP saying my info was leaked. Not cool.
07:32 AM - Feb 05, 2024
5
3
Michael J Sheridan
In response to Darren.
Nice job creating an account you never used just so you could pop in here today to spread bullshit.
07:45 AM - Feb 05, 2024
3
35
Darren
In response to Michael J Sheridan.
I created a lot of accounts in different places in the post-Twitter diaspora because it wasn't clear where the future was heading.

But instead of attacking me, why don't you address the content of what I wrote? I never received an email from Spoutible on this, only HIBP.
07:48 AM - Feb 05, 2024
1
1
Michael J Sheridan
In response to Darren.
Mainly because I only have your word that you never received an email, and have no reason to believe that you're acting in good faith. You haven't earned my trust.
07:50 AM - Feb 05, 2024
2
15
Darren
In response to Michael J Sheridan.
And Spoutible has, after it was shown that they leaked a ton of info about its users? What about the person who replied to me also saying they didn't get an email?

And I don't care about earning your trust - my message wasn't even to you to begin with.
07:54 AM - Feb 05, 2024
2
0
Michael J Sheridan
In response to Darren.
You mean the other completely unused account that just popped in today to "confirm" your story?

I'll place my trust in someone who has been level with me every step of the way over the past year, not some randoms who only show up to attack and spread disinformation.
08:03 AM - Feb 05, 2024
3
27
Darren
In response to Michael J Sheridan.
It's not disinfo. I didn't get an email. You should be questioning @cbouzy on why he leaked everyone's info, not randomly attacking people who were impacted by their bad practices.
08:08 AM - Feb 05, 2024
14
1
David James
In response to Darren.
you join? Have you just been sitting there waiting so you can enjoy pointing out a problem, like a small troll sat under a bridge?
09:11 AM - Feb 05, 2024 (Edited)
1
5
Darren
In response to David James.
I joined like many did, in the post-Twitter diaspora looking for a new home. I decided this place wasn't it.

And judging on how I'm being attacked for raising legitimate questions about their security practices, I think I was right.
09:13 AM - Feb 05, 2024
3
0
Jim Plunkett
In response to Darren.
Your questions are NOT legitimate, they are unsubstantiated accusations

There may be some legit questions about the incident, but you are NOT raising them by mischaracterizing the incident from the first syllable

This is not how responsible professionals act
10:01 AM - Feb 05, 2024
1
2
Darren
In response to Jim Plunkett.
I didn't receive an email. I am not mischaracterizing anything.

Why didn't Spoutible force a password or 2FA reset for its affected users?
10:27 AM - Feb 05, 2024
1
0
Jim Plunkett
In response to Darren.
I did. There could be a myriad reasons for email failure far beyond Spoutible's control

No one "leaked your data" — that is an entirely different act than being hacked using an unknown vuln. — you are grossly misrepresenting the situation (not enough data to determine if it's intentional)
10:56 AM - Feb 05, 2024
2
1
Darren
In response to Jim Plunkett.
Or, can you admit there's a possibility Spoutible didn't send the email to everyone?

Also, this was a leak, see here for more info:
https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/
11:04 AM - Feb 05, 2024
1
0
Jim Plunkett
In response to Darren.
Yes, there is a *possibility* that you were somehow omitted from the email list

It is only one among many possibilities, and neither you nor I have sufficient data to determine it

A "leaky api" is not a leak

A leak is where an insider deliberately (often surreptitiously) releases info ...
12:02 PM - Feb 05, 2024
2
1
Darren
In response to Jim Plunkett.
I disagree with your definition of a data leak, and I believe you are misconstruing data leak with data breach.

A data leak is simply the unintended release of sensitive info. It doesn't have to be because of a bad actor, it could just be due to poor security practices - exactly what happened here.
12:30 PM - Feb 05, 2024
2
1
Jim Plunkett
In response to Darren.
You said:
"question...why he leaked everyone's info"

You used the active voice, very specifically casting the action as intentional & sinister — "J'accuse!"

Fact is, this is at worst a passive error

Now claiming ambiguity with definitions is weasel-wording; you owe @cbouzy a correction & apology
01:07 PM - Feb 05, 2024
1
1
Darren
In response to Jim Plunkett.
I said "he" because he is the CEO of this organization, and responsible for what happens on it.

And no, I don't owe him an apology - his site's poor configuration leaked my PII and he didn't even bother to notify me.
01:17 PM - Feb 05, 2024
2
0
RA
In response to Darren.
Spoutible sent out hundreds of thousands of emails alerting users to the breach within hours of finding out about it. "Didn't even bother to notify" is such a crock. You may not have received an email, but they absolutely did bother. 🙄
01:25 PM - Feb 05, 2024
4
2
Darren
In response to RA.
I'm not denying they sent out emails. I'm saying I didn't get one, and people replied to my initial spout saying the same thing.

They also should have forced reset passwords and 2FA codes.
01:29 PM - Feb 05, 2024
1
0
RA
In response to Darren.
As noted in my comment, I was responding to your accusation that they "didn't bother" to notify you.
01:32 PM - Feb 05, 2024
1
2
Darren
In response to RA.
They didn't. They may have "bothered" to notify other people, but not me.
01:34 PM - Feb 05, 2024
1
0
RA
In response to Darren.
Right, because they personally singled you out. Why am I not surprised that you continue to make this all about you...six hours and counting now on this one thread.
01:43 PM - Feb 05, 2024
1
1
Darren
In response to RA.
I'm not saying they personally singled me out. I'm just saying that I DIDN'T GET AN EMAIL. Others have said the same thing. There could be a million reasons why.

And it's been six hours of me defending myself against "Investors" all because I questioned the site's CEO about an awful data leak.
01:47 PM - Feb 05, 2024
2
1
Holly Jahangiri
In response to Darren.
Nothing to defend yourself against. I didn't get it, either, and we're clearly not alone. I think we've made that clear enough; no point arguing over it.
02:04 PM - Feb 05, 2024
0
1
RA
In response to Darren.
See previous comment for my response. As for being an investor, Spoutible is crowd funded. Investment costs less than a Prime membership.
01:49 PM - Feb 05, 2024
1
1
Darren
In response to RA.
You should be questioning the CEO of the platform you invested in, instead of attacking users who succumbed to a data leak due to his poor site practices.
01:50 PM - Feb 05, 2024
1
1

 
