Dear Sir/Madam,
We were recently made aware of a server misconfiguration that potentially exposed certain customer information from our eCommerce online platform for a short period of time.
Translation: “We definitely leaked your personal information to the world. Those bastards at Google even picked it up, so now it’s cached forever.”
The server misconfiguration had been fixed on 9 September, 2020, prior to the lapse being made public and there is no indication of any unauthorized access to the information.
“We have no idea when we fucked up, but it was probably when we first set up the server. We didn’t realize we should disable public access to Elasticsearch, so we also have no clue if anyone accessed your information. Our lawyers say that’s a good thing: no proper security logs means we also have ‘no indication of any unauthorized access.’”
The server misconfiguration potentially exposed order details, customer and shipping information.
“We definitely leaked your name, where you live, and everything you’ve ordered from us before. You should make sure you lock your doors.”
For avoidance of doubt, no sensitive information such as credit card numbers, bank account details, national identification numbers or passwords was exposed.
“Listen, I know you’re upset, but we could have fucked up even worse.”
In addition, no other information from the servers for our other software or services was exposed.
“We spent a lot more effort on Synapse 3 than we did protecting your personal information, and no one has ever complained about it. The files on your computer are probably fine. You only use it for gaming, right?”
We sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensuring the digital safety and security of all our customers.
“We are committed to saying whatever it takes for you to keep buying gaming hardware from us, and not much else. I assume you’ve stopped reading by this point.”