From Apple:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
I finally received this email Monday night, a full four days after Apple’s developer website went down. That feels like a long time to be leaving your customers in the dark on what’s going on. I understand they needed time to investigate but Apple left everyone in the dark on what was happening for several days.
How would you handle informing your customers in this kind of situation?
They definitely should been more forthcoming once they though the site was compromised.
Agreed!
It amazes me that simply letting users know what’s going on when things break is still one of Apple’s biggest weaknesses.
Right? They should be better than this.
Seeing as it took them so long to let anyone know what was happening I’m sure that they could have written a more informative post than that! Take note, Apple: http://www.campaignmonitor.com/blog/post/2852/
This is an awesome example of a well-handled situation, Lauren! That’s the kind of communication I’d expect.
Isn’t it great! I love that they’ve gone through the responses from their customers and updated their original post with some FAQ’s.
Yes! That’s my favorite part as well. Also the fact that they specifically note a couple of times they’ve contacted the accounts in question privately, so you can feel a bit safer if they haven’t contacted you directly.
That’s a fantastic example! The CM folks nailed it. It’s exactly what I’d want if I was a customer in that situation.
I feel like this was a terrible and pointless email. By Monday night, everybody already knew that there was “an intruder”. There was no information in there that was gathered within those past four days, so this email could just as well have been sent out Thursday right as they were taking the website down. By Monday, I would have expected a longer account on what had been done within those four days.
You’re right – that email on Thursday would’ve been fine. Same email on Monday is just pointless.