Is Rudder's security breach really serious or is the web overreacting?
Early Tuesday morning a software malfunction caused a security breach at Rudder, a web-based financial management service Download Squad has covered in the past. It seems a number of Rudder users received email intended for a ton of other users, and in some cases one user received hundreds of emails intended for other users of the service.
Soon after, Twitter went crazy with tweets and retweets about Rudder's security breach, and before you knew it a mishap affecting hundreds of users was being widely commented on by thousands of people.
So how serious is it, really?
First, if you were one of the unlucky few, Rudder is offering you a complimentary subscription to an identity protection service. If you still want to cancel, go ahead, they make it easy -- and always have.
Second, Rudder released an official statement, after presumably spending the day writing it and clearing it with a lineup of lawyers, VCs and other involved parties.
Here's the dirt:
- 732 accounts were involved (about 2 percent of Rudder's users, less than the 3.5% TechCrunch earlier reported)
- Information available to the 732 people who received the flood of email didn't contain (nor did it grant access to) any user's social security number, bank account or credit card logins
- The information that was breached:
  - Recent transactions
  - Current balance information
  - Upcoming bill information
Canceling your account now is a bit like closing the barn door after the cow gets loose. What damage could be done has been done. Rudder has taken a ton of steps to ensure this doesn't happen again, and I can only imagine the mood around the Rudder offices is one part panic and one part determination. On the whole, when you think about it, the information breached isn't all that different from the information you'd acquire by running across someone else's ATM receipt.
Using web-based financial services carries inherent risk. So does crossing the street, driving to work, and eating at that new buffet place on the corner. The point is, we trade risk for reward and we mitigate the risk we choose to face by taking precautions. In other words: look both ways, wear your seat belt and stay away from the buffet sushi.
If you're worried about your financial information, and regardless of whether you are or were a Rudder user, you should likely be using one of the reputable credit monitoring services, keeping an eye on your accounts and possibly even freezing your credit files.
If you're sticking with Rudder (or Mint, I use them both) and you have a reason why, tell us in the comments. If, on the other hand, you think I'm crazy, and would like to first talk to my accountant, and then my shrink, we'd love to hear from you in the comments as well.