Is Rudder's security breach really serious or is the web overreacting?
Early Tuesday morning a software malfunction caused a security breach at Rudder, a web-based financial management service Download Squad has covered in the past. It seems a number of Rudder users received email intended for a ton of other users, and in some cases one user received hundreds of emails intended for other users of the service.
Soon after, Twitter went crazy with tweets and retweets about Rudder's security breach, and before you know it a mishap affecting hundreds of users was being widely commented on by thousands of people.
So how serious is it, really?
First, if you were one of the unlucky few, Rudder is offering you a complimentary subscription to an identity protection service. If you still want to cancel, go ahead, they make it easy -- and always have.
Second, Rudder released an official statement, after presumably spending the day writing it and clearing it with a lineup of lawyers, VCs and other involved parties.
Here's the dirt:
- 732 accounts were involved (about 2 percent of Rudder's users, less than the 3.5% TechCrunch earlier reported)
- Information available to the 732 people who received the flood of email didn't contain (nor did it grant access to) any user's social security number, bank account or credit card logins
- Recent transactions
- Current balance information
- Upcoming bill information
Canceling your account now is a bit like closing the barn door after the cow gets loose. What damage could be done, has been done. Rudder has taken a ton of steps to ensure this doesn't happen again, and I can only imagine the mood around the Rudder offices is one part panic and one part determination. On the whole, when you think about it, the information breached isn't all that different than the information you'd acquire by running across someone else's ATM receipt.
Using web-based financial services carries inherent risk. So does crossing the street, driving to work, and eating at that new buffet place on the corner. The point is, we trade risk for reward and we mitigate the risk we choose to face by taking precautions. In other words: look both ways, wear your seat belt and stay away from the buffet sushi.
If you're worried about your financial information, and regardless of whether you are or were a Rudder user, you should likely be using one of the reputable credit monitoring services, keeping an eye on your accounts and possibly even freezing your credit files.
If you're sticking with Rudder (or Mint, I use them both) and you have a reason why, tell us in the comments. If, on the other hand, you think I'm crazy, and would like to first talk to my accountant, and then my shrink, we'd love to hear from you in the comments as well.

Reader Comments (Page 1 of 1)
mark said 2:00PM on 5-20-2009
Great post! I think the Rudder issue was way overblown and they have responded appropriately. The bottom line: none of the breached information jeopardizes the user's identity or property. I am keeping my Rudder account. I find it to be a great and useful service.
matt @ Thrive said 8:53PM on 5-20-2009
Well said. I left comments on as many articles as I could find about the Rudder issue precisely because of this concern: you want people to understand that while a mistake was made and it was preventable, it was one company and one time and the space itself has a lot of help to offer the world. As the Lead Scientist at another personal finance site, www.justthrive.com, I think it is critical to remember what Rudder's CEO said in his apology e-mail: that the greatest problem here may be that people stop using the personal finance sites that truly have a chance to help them save.
I think many PFMs (Thrive, Wesabe, SmartyPig, etc.) are genuinely interested in helping people, whatever their actual business model, and it would be a true shame if people swore off the space over what amounts to a non-unique space that really has very little to do specifically with PFM sites.
Nikhil said 9:13PM on 5-20-2009
Grant,
Thanks for taking the time to write and we appreciate your support. Again, we’d like to sincerely apologize for the email incident yesterday.
We greatly appreciate the generosity that the Rudder user community has shown us thus far, and for those of you who choose to continue managing your finances with us, we will go above and beyond the call of duty in every aspect of our business in order to regain your trust.
More than anything, we hope that users do not let this incident discourage them from pursuing the benefits of managing their finances online, regardless of which provider they may use. Improving Americans’ financial health has been our mission since day one, and we continue to believe that this new generation of personal finance management applications, including Rudder, have the potential to change the world for the better.
Regards,
Nikhil Roy
Founder & CEO
Rudder.com
Linda Goossen said 11:35AM on 6-01-2009
I haven't received any reports from my Rudder account, and I was wondering what happened to them. Did they close? I really liked the service.
If they didn't close down, how do I get back to them?