You are viewing a single comment's thread.

view the rest of the comments →

1
7

[–] ChillyHellion 1 points 7 points (+8|-1) ago 

I think the biggest issue is the lack of communication. It was hours before we could get a grasp on the scope of the issue, and people were freaked out in the interim. When Valve did release a statement, it didn't really address the scope of the problem either. "Cached page information" is a much more PR-friendly way of referring to users' personal information, and I would have preferred if Valve would have been more upfront with exactly what happened and why it isn't a big deal.

"Users were able to see information belonging to other users" should have been included in the statement somewhere, and if that's not a big deal then they should have spelled out exactly why.

0
2

[–] SkepticalMartian 0 points 2 points (+2|-0) ago  (edited ago)

I don't expect most people here to really understand how these things work, but reporting these issues to your customers is rarely as simple as "phone up the PR department and issue a statement" moments after the issue is found.

It takes time to figure out the scope and size of a problem. Sometimes what caused the issue is not always obvious, and you really want to be sure you know what you're talking about before making a public statement.

Not only that, but you have to consider the hierarchy involved. A programmer can't make a statement on behalf of the company, nor should he. This is far more likely to get you fired than making an honest mistake. Also consider it occurred during a period when a large portion of the company was likely on holidays. All this cross communication, and hunting down people who may or may not be working due to the holiday takes time.

0
1

[–] ChillyHellion 0 points 1 points (+1|-0) ago 

hey, I wanted to follow up on your comment because it looks like you're exactly right; Valve has issued a more detailed statement about the exposed data, including its personal nature and a few more details on the nature of the issue. Great call on this one; your thoughts on internal hierarchy and needing to collect more details are probably the best explanation for the delay.

0
1

[–] ChillyHellion 0 points 1 points (+1|-0) ago 

Those are good points. There are risks in making a statement before you're sure of the situation, and releasing a statement that's above your pay grade. You've changed my mind about the lack of communication during the event.

I do still have a problem with their issued statement after the fact. It reads like "there's nothing to worry about because it's just a caching problem and we fixed it", when the real problem is that the cached data contained personal information. Whether that leak of personal information is a problem or not should be addressed one way or another. If it's not a problem, they shouldn't be afraid to say that, and explain why. "cached page information" just seems like downplaying the issue with the hopes that people won't think about what the data actually is.